diff --git a/CVE-2021/CVE-2021-290xx/CVE-2021-29038.json b/CVE-2021/CVE-2021-290xx/CVE-2021-29038.json
index cac327d764a..9fbe1f2af0d 100644
--- a/CVE-2021/CVE-2021-290xx/CVE-2021-29038.json
+++ b/CVE-2021/CVE-2021-290xx/CVE-2021-29038.json
@@ -2,12 +2,16 @@
"id": "CVE-2021-29038",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-02-20T22:15:08.010",
- "lastModified": "2024-02-20T22:15:08.010",
- "vulnStatus": "Received",
+ "lastModified": "2024-02-22T19:07:37.840",
+ "vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Liferay Portal 7.2.0 through 7.3.5, and older unsupported versions, and Liferay DXP 7.3 before fix pack 1, 7.2 before fix pack 17, and older unsupported versions does not obfuscate password reminder answers on the page, which allows attackers to use man-in-the-middle or shoulder surfing attacks to steal user's password reminder answers."
+ },
+ {
+ "lang": "es",
+ "value": "Liferay Portal 7.2.0 a 7.3.5 y versiones anteriores no compatibles, y Liferay DXP 7.3 anterior al fix pack 1, 7.2 anterior al fix pack 17 y versiones anteriores no compatibles no ofuscan las respuestas de recordatorio de contrase\u00f1a en la p\u00e1gina, lo que permite a los atacantes utilizar ataques de man-in-the-middle para robar las respuestas de recordatorio de contrase\u00f1a del usuario."
}
],
"metrics": {},
diff --git a/CVE-2021/CVE-2021-290xx/CVE-2021-29050.json b/CVE-2021/CVE-2021-290xx/CVE-2021-29050.json
index 6bf33c8b17a..d433eb84f0f 100644
--- a/CVE-2021/CVE-2021-290xx/CVE-2021-29050.json
+++ b/CVE-2021/CVE-2021-290xx/CVE-2021-29050.json
@@ -2,12 +2,16 @@
"id": "CVE-2021-29050",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-02-20T22:15:08.067",
- "lastModified": "2024-02-20T22:15:08.067",
- "vulnStatus": "Received",
+ "lastModified": "2024-02-22T19:07:37.840",
+ "vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Cross-Site Request Forgery (CSRF) vulnerability in the terms of use page in Liferay Portal before 7.3.6, and Liferay DXP 7.3 before service pack 1, 7.2 before fix pack 11 allows remote attackers to accept the site's terms of use via social engineering and enticing the user to visit a malicious page."
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad de Cross-Site Request Forgery (CSRF) en la p\u00e1gina de t\u00e9rminos de uso en Liferay Portal anterior a 7.3.6 y Liferay DXP 7.3 anterior al service pack 1, 7.2 anterior al fix pack 11 permite a atacantes remotos aceptar los t\u00e9rminos de uso del sitio mediante ingenier\u00eda social e incitar al usuario a visitar una p\u00e1gina maliciosa."
}
],
"metrics": {},
diff --git a/CVE-2022/CVE-2022-451xx/CVE-2022-45169.json b/CVE-2022/CVE-2022-451xx/CVE-2022-45169.json
index 2a391d67c0c..257927ed58a 100644
--- a/CVE-2022/CVE-2022-451xx/CVE-2022-45169.json
+++ b/CVE-2022/CVE-2022-451xx/CVE-2022-45169.json
@@ -2,12 +2,16 @@
"id": "CVE-2022-45169",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-02-21T16:15:49.060",
- "lastModified": "2024-02-21T16:15:49.060",
- "vulnStatus": "Received",
+ "lastModified": "2024-02-22T19:07:27.197",
+ "vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in LIVEBOX Collaboration vDesk through v031. A URL Redirection to an Untrusted Site (Open Redirect) can occur under the /api/v1/notification/createnotification endpoint, allowing an authenticated user to send an arbitrary push notification to any other user of the system. This push notification can include an (invisible) clickable link."
+ },
+ {
+ "lang": "es",
+ "value": "Se descubri\u00f3 un problema en LIVEBOX Collaboration vDesk hasta v031. Se puede producir una redirecci\u00f3n de URL a un sitio que no es de confianza (redirecci\u00f3n abierta) en el endpoint /api/v1/notification/createnotification, lo que permite a un usuario autenticado enviar una notificaci\u00f3n push arbitraria a cualquier otro usuario del sistema. Esta notificaci\u00f3n push puede incluir un enlace (invisible) en el que se puede hacer clic."
}
],
"metrics": {},
diff --git a/CVE-2022/CVE-2022-451xx/CVE-2022-45177.json b/CVE-2022/CVE-2022-451xx/CVE-2022-45177.json
index b1f959d6589..dbba6954eba 100644
--- a/CVE-2022/CVE-2022-451xx/CVE-2022-45177.json
+++ b/CVE-2022/CVE-2022-451xx/CVE-2022-45177.json
@@ -2,12 +2,16 @@
"id": "CVE-2022-45177",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-02-21T16:15:49.127",
- "lastModified": "2024-02-21T16:15:49.127",
- "vulnStatus": "Received",
+ "lastModified": "2024-02-22T19:07:27.197",
+ "vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in LIVEBOX Collaboration vDesk through v031. An Observable Response Discrepancy can occur under the /api/v1/vdeskintegration/user/isenableuser endpoint, the /api/v1/sharedsearch?search={NAME]+{SURNAME] endpoint, and the /login endpoint. The web application provides different responses to incoming requests in a way that reveals internal state information to an unauthorized actor outside of the intended control sphere."
+ },
+ {
+ "lang": "es",
+ "value": "Se descubri\u00f3 un problema en LIVEBOX Collaboration vDesk hasta v031. Puede ocurrir una discrepancia de respuesta observable en el endpoint /api/v1/vdeskintegration/user/isenableuser, el endpoin /api/v1/sharedsearch?search={NAME]+{SURNAME] y el endpoint /login. La aplicaci\u00f3n web proporciona diferentes respuestas a las solicitudes entrantes de una manera que revela informaci\u00f3n del estado interno a un actor no autorizado fuera de la esfera de control prevista."
}
],
"metrics": {},
diff --git a/CVE-2022/CVE-2022-451xx/CVE-2022-45179.json b/CVE-2022/CVE-2022-451xx/CVE-2022-45179.json
index 3bb4917458c..96ca8c31d33 100644
--- a/CVE-2022/CVE-2022-451xx/CVE-2022-45179.json
+++ b/CVE-2022/CVE-2022-451xx/CVE-2022-45179.json
@@ -2,12 +2,16 @@
"id": "CVE-2022-45179",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-02-21T16:15:49.173",
- "lastModified": "2024-02-21T16:15:49.173",
- "vulnStatus": "Received",
+ "lastModified": "2024-02-22T19:07:27.197",
+ "vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in LIVEBOX Collaboration vDesk through v031. A basic XSS vulnerability exists under the /api/v1/vdeskintegration/todo/createorupdate endpoint via the title parameter and /dashboard/reminders. A remote user (authenticated to the product) can store arbitrary HTML code in the reminder section title in order to corrupt the web page (for example, by creating phishing sections to exfiltrate victims' credentials)."
+ },
+ {
+ "lang": "es",
+ "value": "Se descubri\u00f3 un problema en LIVEBOX Collaboration vDesk hasta v031. Existe una vulnerabilidad XSS b\u00e1sica en el endpoint /api/v1/vdeskintegration/todo/createorupdate a trav\u00e9s del par\u00e1metro title y /dashboard/reminders. Un usuario remoto (autenticado en el producto) puede almacenar c\u00f3digo HTML arbitrario en el t\u00edtulo de la secci\u00f3n de recordatorio para corromper la p\u00e1gina web (por ejemplo, creando secciones de phishing para extraer las credenciales de las v\u00edctimas)."
}
],
"metrics": {},
diff --git a/CVE-2023/CVE-2023-243xx/CVE-2023-24330.json b/CVE-2023/CVE-2023-243xx/CVE-2023-24330.json
index 6b923182c21..2209dc949f6 100644
--- a/CVE-2023/CVE-2023-243xx/CVE-2023-24330.json
+++ b/CVE-2023/CVE-2023-243xx/CVE-2023-24330.json
@@ -2,12 +2,16 @@
"id": "CVE-2023-24330",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-02-21T21:15:08.503",
- "lastModified": "2024-02-21T21:15:08.503",
- "vulnStatus": "Received",
+ "lastModified": "2024-02-22T19:07:27.197",
+ "vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Command Injection vulnerability in D-Link Dir 882 with firmware version DIR882A1_FW130B06 allows attackers to run arbitrary commands via crafted POST request to /HNAP1/."
+ },
+ {
+ "lang": "es",
+ "value": "La vulnerabilidad de inyecci\u00f3n de comandos en D-Link Dir 882 con la versi\u00f3n de firmware DIR882A1_FW130B06 permite a los atacantes ejecutar comandos arbitrarios a trav\u00e9s de una solicitud POST manipulada para /HNAP1/."
}
],
"metrics": {},
diff --git a/CVE-2023/CVE-2023-243xx/CVE-2023-24331.json b/CVE-2023/CVE-2023-243xx/CVE-2023-24331.json
index 30a5df6d7b7..10fb4c4d960 100644
--- a/CVE-2023/CVE-2023-243xx/CVE-2023-24331.json
+++ b/CVE-2023/CVE-2023-243xx/CVE-2023-24331.json
@@ -2,12 +2,16 @@
"id": "CVE-2023-24331",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-02-21T21:15:08.567",
- "lastModified": "2024-02-21T21:15:08.567",
- "vulnStatus": "Received",
+ "lastModified": "2024-02-22T19:07:27.197",
+ "vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Command Injection vulnerability in D-Link Dir 816 with firmware version DIR-816_A2_v1.10CNB04 allows attackers to run arbitrary commands via the urlAdd parameter."
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad de inyecci\u00f3n de comandos en D-Link Dir 816 con versi\u00f3n de firmware DIR-816_A2_v1.10CNB04 permite a atacantes ejecutar comandos arbitrarios a trav\u00e9s del par\u00e1metro urlAdd."
}
],
"metrics": {},
diff --git a/CVE-2023/CVE-2023-243xx/CVE-2023-24332.json b/CVE-2023/CVE-2023-243xx/CVE-2023-24332.json
index dad68ef2de1..721c2f72686 100644
--- a/CVE-2023/CVE-2023-243xx/CVE-2023-24332.json
+++ b/CVE-2023/CVE-2023-243xx/CVE-2023-24332.json
@@ -2,12 +2,16 @@
"id": "CVE-2023-24332",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-02-21T21:15:08.617",
- "lastModified": "2024-02-21T21:15:08.617",
- "vulnStatus": "Received",
+ "lastModified": "2024-02-22T19:07:27.197",
+ "vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A stack overflow vulnerability in Tenda AC6 with firmware version US_AC6V5.0re_V03.03.02.01_cn_TDC01 allows attackers to run arbitrary commands via crafted POST request to /goform/PowerSaveSet."
+ },
+ {
+ "lang": "es",
+ "value": "Una vulnerabilidad de desbordamiento en la regi\u00f3n stack de la memoria en Tenda AC6 con la versi\u00f3n de firmware US_AC6V5.0re_V03.03.02.01_cn_TDC01 permite a los atacantes ejecutar comandos arbitrarios a trav\u00e9s de una solicitud POST manipulada para /goform/PowerSaveSet."
}
],
"metrics": {},
diff --git a/CVE-2023/CVE-2023-243xx/CVE-2023-24333.json b/CVE-2023/CVE-2023-243xx/CVE-2023-24333.json
index bbd2adc2a66..16506adada7 100644
--- a/CVE-2023/CVE-2023-243xx/CVE-2023-24333.json
+++ b/CVE-2023/CVE-2023-243xx/CVE-2023-24333.json
@@ -2,12 +2,16 @@
"id": "CVE-2023-24333",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-02-21T21:15:08.673",
- "lastModified": "2024-02-21T21:15:08.673",
- "vulnStatus": "Received",
+ "lastModified": "2024-02-22T19:07:27.197",
+ "vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A stack overflow vulnerability in Tenda AC21 with firmware version US_AC21V1.0re_V16.03.08.15_cn_TDC01 allows attackers to run arbitrary commands via crafted POST request to /goform/openSchedWifi."
+ },
+ {
+ "lang": "es",
+ "value": "Una vulnerabilidad de desbordamiento en la regi\u00f3n stack de la memoria en Tenda AC21 con la versi\u00f3n de firmware US_AC21V1.0re_V16.03.08.15_cn_TDC01 permite a los atacantes ejecutar comandos arbitrarios a trav\u00e9s de una solicitud POST manipulada para /goform/openSchedWifi."
}
],
"metrics": {},
diff --git a/CVE-2023/CVE-2023-243xx/CVE-2023-24334.json b/CVE-2023/CVE-2023-243xx/CVE-2023-24334.json
index 2de0e76403e..b8b3b63437d 100644
--- a/CVE-2023/CVE-2023-243xx/CVE-2023-24334.json
+++ b/CVE-2023/CVE-2023-243xx/CVE-2023-24334.json
@@ -2,12 +2,16 @@
"id": "CVE-2023-24334",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-02-21T21:15:08.723",
- "lastModified": "2024-02-21T21:15:08.723",
- "vulnStatus": "Received",
+ "lastModified": "2024-02-22T19:07:27.197",
+ "vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A stack overflow vulnerability in Tenda AC23 with firmware version US_AC23V1.0re_V16.03.07.45_cn_TDC01 allows attackers to run arbitrary commands via schedStartTime parameter."
+ },
+ {
+ "lang": "es",
+ "value": "Una vulnerabilidad de desbordamiento en la regi\u00f3n stack de la memoria en Tenda AC23 con la versi\u00f3n de firmware US_AC23V1.0re_V16.03.07.45_cn_TDC01 permite a los atacantes ejecutar comandos arbitrarios a trav\u00e9s del par\u00e1metro schedStartTime."
}
],
"metrics": {},
diff --git a/CVE-2023/CVE-2023-291xx/CVE-2023-29179.json b/CVE-2023/CVE-2023-291xx/CVE-2023-29179.json
index aa2e6d73bab..f9035dc494b 100644
--- a/CVE-2023/CVE-2023-291xx/CVE-2023-29179.json
+++ b/CVE-2023/CVE-2023-291xx/CVE-2023-29179.json
@@ -2,12 +2,16 @@
"id": "CVE-2023-29179",
"sourceIdentifier": "psirt@fortinet.com",
"published": "2024-02-22T10:15:07.693",
- "lastModified": "2024-02-22T10:15:07.693",
- "vulnStatus": "Received",
+ "lastModified": "2024-02-22T19:07:27.197",
+ "vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A null pointer dereference in Fortinet FortiOS version 7.2.0 through 7.2.4, 7.0.0 through 7.0.11, 6.4.0 through 6.4.12, Fortiproxy version 7.2.0 through 7.2.4, 7.0.0 through 7.0.10 allows attacker to denial of service via specially crafted HTTP requests."
+ },
+ {
+ "lang": "es",
+ "value": "Una desreferencia de puntero nulo en Fortinet FortiOS versi\u00f3n 7.2.0 a 7.2.4, 7.0.0 a 7.0.11, 6.4.0 a 6.4.12, Fortiproxy versi\u00f3n 7.2.0 a 7.2.4, 7.0.0 a 7.0.10 permite atacante a la denegaci\u00f3n de servicio a trav\u00e9s de solicitudes HTTP especialmente manipuladas."
}
],
"metrics": {
diff --git a/CVE-2023/CVE-2023-291xx/CVE-2023-29180.json b/CVE-2023/CVE-2023-291xx/CVE-2023-29180.json
index fece04b73f5..0c55cc77a6e 100644
--- a/CVE-2023/CVE-2023-291xx/CVE-2023-29180.json
+++ b/CVE-2023/CVE-2023-291xx/CVE-2023-29180.json
@@ -2,12 +2,16 @@
"id": "CVE-2023-29180",
"sourceIdentifier": "psirt@fortinet.com",
"published": "2024-02-22T10:15:07.947",
- "lastModified": "2024-02-22T10:15:07.947",
- "vulnStatus": "Received",
+ "lastModified": "2024-02-22T19:07:27.197",
+ "vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A null pointer dereference in Fortinet FortiOS version 7.2.0 through 7.2.4, 7.0.0 through 7.0.11, 6.4.0 through 6.4.12, 6.2.0 through 6.2.14, 6.0.0 through 6.0.16, FortiProxy 7.2.0 through 7.2.3, 7.0.0 through 7.0.10, 2.0.0 through 2.0.12, 1.2.0 through 1.2.13, 1.1.0 through 1.1.6, 1.0.0 through 1.0.7 allows attacker to denial of service via specially crafted HTTP requests."
+ },
+ {
+ "lang": "es",
+ "value": "Una desreferencia de puntero nulo en Fortinet FortiOS versi\u00f3n 7.2.0 a 7.2.4, 7.0.0 a 7.0.11, 6.4.0 a 6.4.12, 6.2.0 a 6.2.14, 6.0.0 a 6.0.16, FortiProxy 7.2 .0 a 7.2.3, 7.0.0 a 7.0.10, 2.0.0 a 2.0.12, 1.2.0 a 1.2.13, 1.1.0 a 1.1.6, 1.0.0 a 1.0.7 permite al atacante negar del servicio a trav\u00e9s de solicitudes HTTP especialmente manipuladas."
}
],
"metrics": {
diff --git a/CVE-2023/CVE-2023-291xx/CVE-2023-29181.json b/CVE-2023/CVE-2023-291xx/CVE-2023-29181.json
index 22d0ded909f..539a4ce14ca 100644
--- a/CVE-2023/CVE-2023-291xx/CVE-2023-29181.json
+++ b/CVE-2023/CVE-2023-291xx/CVE-2023-29181.json
@@ -2,12 +2,16 @@
"id": "CVE-2023-29181",
"sourceIdentifier": "psirt@fortinet.com",
"published": "2024-02-22T10:15:08.140",
- "lastModified": "2024-02-22T10:15:08.140",
- "vulnStatus": "Received",
+ "lastModified": "2024-02-22T19:07:27.197",
+ "vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A use of externally-controlled format string in Fortinet FortiOS 7.2.0 through 7.2.4, 7.0.0 through 7.0.11, 6.4.0 through 6.4.12, 6.2.0 through 6.2.14, 6.0.0 through 6.0.16, FortiProxy 7.2.0 through 7.2.4, 7.0.0 through 7.0.10, 2.0.0 through 2.0.12, 1.2.0 through 1.2.13, 1.1.0 through 1.1.6, 1.0.0 through 1.0.7, FortiPAM 1.0.0 through 1.0.3 allows attacker to execute unauthorized code or commands via specially crafted command."
+ },
+ {
+ "lang": "es",
+ "value": "Un uso de cadena de formato controlada externamente en Fortinet FortiOS 7.2.0 a 7.2.4, 7.0.0 a 7.0.11, 6.4.0 a 6.4.12, 6.2.0 a 6.2.14, 6.0.0 a 6.0.16 , FortiProxy 7.2.0 a 7.2.4, 7.0.0 a 7.0.10, 2.0.0 a 2.0.12, 1.2.0 a 1.2.13, 1.1.0 a 1.1.6, 1.0.0 a 1.0.7, FortiPAM 1.0.0 a 1.0.3 permite a un atacante ejecutar c\u00f3digo o comandos no autorizados mediante un comando especialmente manipulado."
}
],
"metrics": {
diff --git a/CVE-2023/CVE-2023-338xx/CVE-2023-33843.json b/CVE-2023/CVE-2023-338xx/CVE-2023-33843.json
index adf78a4057a..375e149e674 100644
--- a/CVE-2023/CVE-2023-338xx/CVE-2023-33843.json
+++ b/CVE-2023/CVE-2023-338xx/CVE-2023-33843.json
@@ -2,12 +2,16 @@
"id": "CVE-2023-33843",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2024-02-21T15:15:08.537",
- "lastModified": "2024-02-21T15:15:08.537",
- "vulnStatus": "Received",
+ "lastModified": "2024-02-22T19:07:27.197",
+ "vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 256544."
+ },
+ {
+ "lang": "es",
+ "value": "IBM InfoSphere Information Server 11.7 es vulnerable a Cross-Site Scripting. Esta vulnerabilidad permite a los usuarios incrustar c\u00f3digo JavaScript arbitrario en la interfaz de usuario web, alterando as\u00ed la funcionalidad prevista, lo que podr\u00eda conducir a la divulgaci\u00f3n de credenciales dentro de una sesi\u00f3n confiable. ID de IBM X-Force: 256544."
}
],
"metrics": {
diff --git a/CVE-2023/CVE-2023-35xx/CVE-2023-3509.json b/CVE-2023/CVE-2023-35xx/CVE-2023-3509.json
index 1c0071c47f2..87950490d7a 100644
--- a/CVE-2023/CVE-2023-35xx/CVE-2023-3509.json
+++ b/CVE-2023/CVE-2023-35xx/CVE-2023-3509.json
@@ -2,12 +2,16 @@
"id": "CVE-2023-3509",
"sourceIdentifier": "cve@gitlab.com",
"published": "2024-02-21T23:15:08.223",
- "lastModified": "2024-02-21T23:15:08.223",
- "vulnStatus": "Received",
+ "lastModified": "2024-02-22T19:07:27.197",
+ "vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "An issue has been discovered in GitLab affecting all versions before 16.7.6, all versions starting from 16.8 before 16.8.3, all versions starting from 16.9 before 16.9.1. It was possible for group members with sub-maintainer role to change the title of privately accessible deploy keys associated with projects in the group."
+ },
+ {
+ "lang": "es",
+ "value": "Se descubri\u00f3 un problema en GitLab que afecta a todas las versiones anteriores a 16.7.6, todas las versiones desde 16.8 anteriores a 16.8.3, todas las versiones desde 16.9 anteriores a 16.9.1. Los miembros del grupo con funci\u00f3n de submantenedor pod\u00edan cambiar el t\u00edtulo de las claves de implementaci\u00f3n de acceso privado asociadas con los proyectos del grupo."
}
],
"metrics": {
diff --git a/CVE-2023/CVE-2023-371xx/CVE-2023-37177.json b/CVE-2023/CVE-2023-371xx/CVE-2023-37177.json
index bf8399d46bb..f5d11258dcd 100644
--- a/CVE-2023/CVE-2023-371xx/CVE-2023-37177.json
+++ b/CVE-2023/CVE-2023-371xx/CVE-2023-37177.json
@@ -2,12 +2,16 @@
"id": "CVE-2023-37177",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-02-21T21:15:08.773",
- "lastModified": "2024-02-21T21:15:08.773",
- "vulnStatus": "Received",
+ "lastModified": "2024-02-22T19:07:27.197",
+ "vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "SQL Injection vulnerability in PMB Services PMB v.7.4.7 and before allows a remote unauthenticated attacker to execute arbitrary code via the query parameter in the /admin/convert/export_z3950.php endpoint."
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad de inyecci\u00f3n SQL en PMB Services PMB v.7.4.7 y anteriores permite que un atacante remoto no autenticado ejecute c\u00f3digo arbitrario a trav\u00e9s del par\u00e1metro de consulta en el endpoint /admin/convert/export_z3950.php."
}
],
"metrics": {},
diff --git a/CVE-2023/CVE-2023-388xx/CVE-2023-38844.json b/CVE-2023/CVE-2023-388xx/CVE-2023-38844.json
index 06a63c07b0a..c813ad2f9de 100644
--- a/CVE-2023/CVE-2023-388xx/CVE-2023-38844.json
+++ b/CVE-2023/CVE-2023-388xx/CVE-2023-38844.json
@@ -2,12 +2,16 @@
"id": "CVE-2023-38844",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-02-21T21:15:08.840",
- "lastModified": "2024-02-21T21:15:08.840",
- "vulnStatus": "Received",
+ "lastModified": "2024-02-22T19:07:27.197",
+ "vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in PMB v.7.4.7 and earlier allows a remote attacker to execute arbitrary code via the thesaurus parameter in export_skos.php."
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad de inyecci\u00f3n SQL en PMB v.7.4.7 y anteriores permite a un atacante remoto ejecutar c\u00f3digo arbitrario a trav\u00e9s del par\u00e1metro tesauro en export_skos.php."
}
],
"metrics": {},
diff --git a/CVE-2023/CVE-2023-39xx/CVE-2023-3966.json b/CVE-2023/CVE-2023-39xx/CVE-2023-3966.json
index 50b11a94a06..088272174bb 100644
--- a/CVE-2023/CVE-2023-39xx/CVE-2023-3966.json
+++ b/CVE-2023/CVE-2023-39xx/CVE-2023-3966.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-3966",
"sourceIdentifier": "secalert@redhat.com",
"published": "2024-02-22T13:15:07.770",
- "lastModified": "2024-02-22T13:15:07.770",
- "vulnStatus": "Received",
+ "lastModified": "2024-02-22T19:07:27.197",
+ "vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
diff --git a/CVE-2023/CVE-2023-401xx/CVE-2023-40191.json b/CVE-2023/CVE-2023-401xx/CVE-2023-40191.json
index 192ce9707ce..9386ec8f8c7 100644
--- a/CVE-2023/CVE-2023-401xx/CVE-2023-40191.json
+++ b/CVE-2023/CVE-2023-401xx/CVE-2023-40191.json
@@ -2,12 +2,16 @@
"id": "CVE-2023-40191",
"sourceIdentifier": "security@liferay.com",
"published": "2024-02-21T03:15:07.870",
- "lastModified": "2024-02-21T03:15:07.870",
- "vulnStatus": "Received",
+ "lastModified": "2024-02-22T19:07:37.840",
+ "vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Reflected cross-site scripting (XSS) vulnerability in the instance settings for Accounts in Liferay Portal 7.4.3.44 through 7.4.3.97, and Liferay DXP 2023.Q3 before patch 6, and 7.4 update 44 through 92 allows remote attackers to inject arbitrary web script or HTML via a crafted payload injected into the \u201cBlocked Email Domains\u201d text field"
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad de Cross-site scripting (XSS) reflejado en la configuraci\u00f3n de instancia para cuentas en Liferay Portal 7.4.3.44 a 7.4.3.97, y Liferay DXP 2023.Q3 antes del parche 6, y 7.4 actualizaci\u00f3n 44 a 92 permite a atacantes remotos inyectar script arbitrarios o HTML a trav\u00e9s de un payload manipulado inyectado en el campo de texto \"Dominios de correo electr\u00f3nico bloqueados\""
}
],
"metrics": {
diff --git a/CVE-2023/CVE-2023-424xx/CVE-2023-42496.json b/CVE-2023/CVE-2023-424xx/CVE-2023-42496.json
index 5f68e4236f1..c5b5824a9a2 100644
--- a/CVE-2023/CVE-2023-424xx/CVE-2023-42496.json
+++ b/CVE-2023/CVE-2023-424xx/CVE-2023-42496.json
@@ -2,12 +2,16 @@
"id": "CVE-2023-42496",
"sourceIdentifier": "security@liferay.com",
"published": "2024-02-21T03:15:08.057",
- "lastModified": "2024-02-21T03:15:08.057",
- "vulnStatus": "Received",
+ "lastModified": "2024-02-22T19:07:37.840",
+ "vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Reflected cross-site scripting (XSS) vulnerability on the add assignees to a role page in Liferay Portal 7.3.3 through 7.4.3.97, and Liferay DXP 2023.Q3 before patch 6, 7.4 GA through update 92, and 7.3 before update 34 allows remote attackers to inject arbitrary web script or HTML via the _com_liferay_roles_admin_web_portlet_RolesAdminPortlet_tabs2 parameter."
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad de Cross-site scripting (XSS) reflejado al agregar asignados a una p\u00e1gina de rol en Liferay Portal 7.3.3 hasta 7.4.3.97 y Liferay DXP 2023.Q3 antes del parche 6, 7.4 GA hasta la actualizaci\u00f3n 92 y 7.3 antes de que la actualizaci\u00f3n 34 lo permita atacantes remotos inyectar script web o HTML arbitrario a trav\u00e9s del par\u00e1metro _com_liferay_roles_admin_web_portlet_RolesAdminPortlet_tabs2."
}
],
"metrics": {
diff --git a/CVE-2023/CVE-2023-424xx/CVE-2023-42498.json b/CVE-2023/CVE-2023-424xx/CVE-2023-42498.json
index edda3c8ab09..af1e074c08a 100644
--- a/CVE-2023/CVE-2023-424xx/CVE-2023-42498.json
+++ b/CVE-2023/CVE-2023-424xx/CVE-2023-42498.json
@@ -2,12 +2,16 @@
"id": "CVE-2023-42498",
"sourceIdentifier": "security@liferay.com",
"published": "2024-02-21T03:15:08.240",
- "lastModified": "2024-02-21T03:15:08.240",
- "vulnStatus": "Received",
+ "lastModified": "2024-02-22T19:07:37.840",
+ "vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Reflected cross-site scripting (XSS) vulnerability in the Language Override edit screen in Liferay Portal 7.4.3.8 through 7.4.3.97, and Liferay DXP 2023.Q3 before patch 5, and 7.4 update 4 through 92 allows remote attackers to inject arbitrary web script or HTML via the _com_liferay_portal_language_override_web_internal_portlet_PLOPortlet_key parameter."
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad de cross-site scripting (XSS) reflejado en la pantalla de edici\u00f3n de Language Override en Liferay Portal 7.4.3.8 a 7.4.3.97, y Liferay DXP 2023.Q3 antes del parche 5, y 7.4 actualizaci\u00f3n 4 a 92 permite a atacantes remotos inyectar scripts web arbitrarios o HTML a trav\u00e9s del par\u00e1metro _com_liferay_portal_language_override_web_internal_portlet_PLOPortlet_key."
}
],
"metrics": {
diff --git a/CVE-2023/CVE-2023-428xx/CVE-2023-42823.json b/CVE-2023/CVE-2023-428xx/CVE-2023-42823.json
index fe08c383a69..914b9f872dc 100644
--- a/CVE-2023/CVE-2023-428xx/CVE-2023-42823.json
+++ b/CVE-2023/CVE-2023-428xx/CVE-2023-42823.json
@@ -2,12 +2,16 @@
"id": "CVE-2023-42823",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-02-21T07:15:47.540",
- "lastModified": "2024-02-21T07:15:47.540",
- "vulnStatus": "Received",
+ "lastModified": "2024-02-22T19:07:37.840",
+ "vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The issue was resolved by sanitizing logging This issue is fixed in watchOS 10.1, macOS Sonoma 14.1, tvOS 17.1, macOS Monterey 12.7.1, iOS 16.7.2 and iPadOS 16.7.2, iOS 17.1 and iPadOS 17.1, macOS Ventura 13.6.1. An app may be able to access user-sensitive data."
+ },
+ {
+ "lang": "es",
+ "value": "El problema se resolvi\u00f3 sanitizando el registro. Este problema se solucion\u00f3 en watchOS 10.1, macOS Sonoma 14.1, tvOS 17.1, macOS Monterey 12.7.1, iOS 16.7.2 y iPadOS 16.7.2, iOS 17.1 y iPadOS 17.1, macOS Ventura 13.6.1. Es posible que una aplicaci\u00f3n pueda acceder a datos confidenciales del usuario."
}
],
"metrics": {},
diff --git a/CVE-2023/CVE-2023-428xx/CVE-2023-42834.json b/CVE-2023/CVE-2023-428xx/CVE-2023-42834.json
index d0691b6f9bc..0098cc8c206 100644
--- a/CVE-2023/CVE-2023-428xx/CVE-2023-42834.json
+++ b/CVE-2023/CVE-2023-428xx/CVE-2023-42834.json
@@ -2,12 +2,16 @@
"id": "CVE-2023-42834",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-02-21T07:15:47.977",
- "lastModified": "2024-02-21T07:15:47.977",
- "vulnStatus": "Received",
+ "lastModified": "2024-02-22T19:07:27.197",
+ "vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A privacy issue was addressed with improved handling of files. This issue is fixed in watchOS 10.1, macOS Sonoma 14.1, macOS Monterey 12.7.2, macOS Ventura 13.6.3, iOS 17.1 and iPadOS 17.1. An app may be able to access sensitive user data."
+ },
+ {
+ "lang": "es",
+ "value": "Se solucion\u00f3 un problema de privacidad mejorando el manejo de archivos. Este problema se solucion\u00f3 en watchOS 10.1, macOS Sonoma 14.1, macOS Monterey 12.7.2, macOS Ventura 13.6.3, iOS 17.1 y iPadOS 17.1. Es posible que una aplicaci\u00f3n pueda acceder a datos confidenciales del usuario."
}
],
"metrics": {},
diff --git a/CVE-2023/CVE-2023-428xx/CVE-2023-42835.json b/CVE-2023/CVE-2023-428xx/CVE-2023-42835.json
index 2689aea41d5..824960b6e04 100644
--- a/CVE-2023/CVE-2023-428xx/CVE-2023-42835.json
+++ b/CVE-2023/CVE-2023-428xx/CVE-2023-42835.json
@@ -2,12 +2,16 @@
"id": "CVE-2023-42835",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-02-21T07:15:48.167",
- "lastModified": "2024-02-21T07:15:48.167",
- "vulnStatus": "Received",
+ "lastModified": "2024-02-22T19:07:27.197",
+ "vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A logic issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.1. An attacker may be able to access user data."
+ },
+ {
+ "lang": "es",
+ "value": "Se solucion\u00f3 un problema de l\u00f3gica con controles mejorados. Este problema se solucion\u00f3 en macOS Sonoma 14.1. Un atacante puede acceder a los datos del usuario."
}
],
"metrics": {},
diff --git a/CVE-2023/CVE-2023-428xx/CVE-2023-42836.json b/CVE-2023/CVE-2023-428xx/CVE-2023-42836.json
index ba488dc2fce..e550f96c7b9 100644
--- a/CVE-2023/CVE-2023-428xx/CVE-2023-42836.json
+++ b/CVE-2023/CVE-2023-428xx/CVE-2023-42836.json
@@ -2,12 +2,16 @@
"id": "CVE-2023-42836",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-02-21T07:15:48.333",
- "lastModified": "2024-02-21T07:15:48.333",
- "vulnStatus": "Received",
+ "lastModified": "2024-02-22T19:07:27.197",
+ "vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A logic issue was addressed with improved checks. This issue is fixed in iOS 17.1 and iPadOS 17.1, macOS Ventura 13.6.3, macOS Sonoma 14.1, macOS Monterey 12.7.2. An attacker may be able to access connected network volumes mounted in the home directory."
+ },
+ {
+ "lang": "es",
+ "value": "Se solucion\u00f3 un problema de l\u00f3gica con controles mejorados. Este problema se solucion\u00f3 en iOS 17.1 y iPadOS 17.1, macOS Ventura 13.6.3, macOS Sonoma 14.1, macOS Monterey 12.7.2. Un atacante puede acceder a vol\u00famenes de red conectados montados en el directorio de inicio."
}
],
"metrics": {},
diff --git a/CVE-2023/CVE-2023-428xx/CVE-2023-42838.json b/CVE-2023/CVE-2023-428xx/CVE-2023-42838.json
index 9e2c60809af..cf42f2e00c9 100644
--- a/CVE-2023/CVE-2023-428xx/CVE-2023-42838.json
+++ b/CVE-2023/CVE-2023-428xx/CVE-2023-42838.json
@@ -2,12 +2,16 @@
"id": "CVE-2023-42838",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-02-21T07:15:48.543",
- "lastModified": "2024-02-21T07:15:48.543",
- "vulnStatus": "Received",
+ "lastModified": "2024-02-22T19:07:27.197",
+ "vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "An access issue was addressed with improvements to the sandbox. This issue is fixed in macOS Ventura 13.6.3, macOS Sonoma 14.1, macOS Monterey 12.7.2. An app may be able to execute arbitrary code out of its sandbox or with certain elevated privileges."
+ },
+ {
+ "lang": "es",
+ "value": "Se solucion\u00f3 un problema de acceso con mejoras en la zona de pruebas. Este problema se solucion\u00f3 en macOS Ventura 13.6.3, macOS Sonoma 14.1, macOS Monterey 12.7.2. Es posible que una aplicaci\u00f3n pueda ejecutar c\u00f3digo arbitrario fuera de su zona de pruebas o con ciertos privilegios elevados."
}
],
"metrics": {},
diff --git a/CVE-2023/CVE-2023-428xx/CVE-2023-42839.json b/CVE-2023/CVE-2023-428xx/CVE-2023-42839.json
index 41c365739eb..db42fa95b9a 100644
--- a/CVE-2023/CVE-2023-428xx/CVE-2023-42839.json
+++ b/CVE-2023/CVE-2023-428xx/CVE-2023-42839.json
@@ -2,12 +2,16 @@
"id": "CVE-2023-42839",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-02-21T07:15:48.633",
- "lastModified": "2024-02-21T07:15:48.633",
- "vulnStatus": "Received",
+ "lastModified": "2024-02-22T19:07:27.197",
+ "vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "This issue was addressed with improved state management. This issue is fixed in tvOS 17.1, watchOS 10.1, macOS Sonoma 14.1, iOS 17.1 and iPadOS 17.1. An app may be able to access sensitive user data."
+ },
+ {
+ "lang": "es",
+ "value": "Esta cuesti\u00f3n se abord\u00f3 con una mejor gesti\u00f3n de estado. Este problema se solucion\u00f3 en tvOS 17.1, watchOS 10.1, macOS Sonoma 14.1, iOS 17.1 y iPadOS 17.1. Es posible que una aplicaci\u00f3n pueda acceder a datos confidenciales del usuario."
}
],
"metrics": {},
diff --git a/CVE-2023/CVE-2023-428xx/CVE-2023-42840.json b/CVE-2023/CVE-2023-428xx/CVE-2023-42840.json
index e6e8dca0dd0..e15d6091fdc 100644
--- a/CVE-2023/CVE-2023-428xx/CVE-2023-42840.json
+++ b/CVE-2023/CVE-2023-428xx/CVE-2023-42840.json
@@ -2,12 +2,16 @@
"id": "CVE-2023-42840",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-02-21T07:15:48.767",
- "lastModified": "2024-02-21T07:15:48.767",
- "vulnStatus": "Received",
+ "lastModified": "2024-02-22T19:07:27.197",
+ "vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.1, macOS Monterey 12.7.1, macOS Ventura 13.6.1. An app may be able to access user-sensitive data."
+ },
+ {
+ "lang": "es",
+ "value": "El problema se solucion\u00f3 con controles mejorados. Este problema se solucion\u00f3 en macOS Sonoma 14.1, macOS Monterey 12.7.1, macOS Ventura 13.6.1. Es posible que una aplicaci\u00f3n pueda acceder a datos confidenciales del usuario."
}
],
"metrics": {},
diff --git a/CVE-2023/CVE-2023-428xx/CVE-2023-42843.json b/CVE-2023/CVE-2023-428xx/CVE-2023-42843.json
index e9e2ba5490e..9fbe53b1d1a 100644
--- a/CVE-2023/CVE-2023-428xx/CVE-2023-42843.json
+++ b/CVE-2023/CVE-2023-428xx/CVE-2023-42843.json
@@ -2,12 +2,16 @@
"id": "CVE-2023-42843",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-02-21T07:15:48.940",
- "lastModified": "2024-02-21T07:15:48.940",
- "vulnStatus": "Received",
+ "lastModified": "2024-02-22T19:07:27.197",
+ "vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "An inconsistent user interface issue was addressed with improved state management. This issue is fixed in iOS 16.7.2 and iPadOS 16.7.2, iOS 17.1 and iPadOS 17.1, Safari 17.1, macOS Sonoma 14.1. Visiting a malicious website may lead to address bar spoofing."
+ },
+ {
+ "lang": "es",
+ "value": "Se solucion\u00f3 un problema de interfaz de usuario inconsistente con una gesti\u00f3n de estado mejorada. Este problema se solucion\u00f3 en iOS 16.7.2 y iPadOS 16.7.2, iOS 17.1 y iPadOS 17.1, Safari 17.1, macOS Sonoma 14.1. Visitar un sitio web malicioso puede provocar una suplantaci\u00f3n de la barra de direcciones."
}
],
"metrics": {},
diff --git a/CVE-2023/CVE-2023-428xx/CVE-2023-42848.json b/CVE-2023/CVE-2023-428xx/CVE-2023-42848.json
index 56bd8b9cd1e..f011ca43fd2 100644
--- a/CVE-2023/CVE-2023-428xx/CVE-2023-42848.json
+++ b/CVE-2023/CVE-2023-428xx/CVE-2023-42848.json
@@ -2,12 +2,16 @@
"id": "CVE-2023-42848",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-02-21T07:15:49.113",
- "lastModified": "2024-02-21T07:15:49.113",
- "vulnStatus": "Received",
+ "lastModified": "2024-02-22T19:07:27.197",
+ "vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The issue was addressed with improved bounds checks. This issue is fixed in watchOS 10.1, macOS Sonoma 14.1, tvOS 17.1, iOS 16.7.2 and iPadOS 16.7.2, iOS 17.1 and iPadOS 17.1, macOS Ventura 13.6.1. Processing a maliciously crafted image may lead to heap corruption."
+ },
+ {
+ "lang": "es",
+ "value": "El problema se solucion\u00f3 con comprobaciones de los l\u00edmites mejoradas. Este problema se solucion\u00f3 en watchOS 10.1, macOS Sonoma 14.1, tvOS 17.1, iOS 16.7.2 y iPadOS 16.7.2, iOS 17.1 y iPadOS 17.1, macOS Ventura 13.6.1. Procesar una imagen creada con fines malintencionados puede provocar da\u00f1os en el mont\u00f3n."
}
],
"metrics": {},
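Review bot: "heap corruption" is translated as "da\u00f1os en el mont\u00f3n" in the added es value, a literal rendering that hides the memory-safety meaning from a reader searching for the usual term. Consider "corrupci\u00f3n del heap", in line with the untranslated technical terms used in the other es values of this commit.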
diff --git a/CVE-2023/CVE-2023-428xx/CVE-2023-42853.json b/CVE-2023/CVE-2023-428xx/CVE-2023-42853.json
index 7e9b5db5bb9..5b7fe3d5f9e 100644
--- a/CVE-2023/CVE-2023-428xx/CVE-2023-42853.json
+++ b/CVE-2023/CVE-2023-428xx/CVE-2023-42853.json
@@ -2,12 +2,16 @@
"id": "CVE-2023-42853",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-02-21T07:15:49.273",
- "lastModified": "2024-02-21T07:15:49.273",
- "vulnStatus": "Received",
+ "lastModified": "2024-02-22T19:07:27.197",
+ "vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A logic issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.1, macOS Monterey 12.7.1, macOS Ventura 13.6.1. An app may be able to access user-sensitive data."
+ },
+ {
+ "lang": "es",
+ "value": "Se solucion\u00f3 un problema de l\u00f3gica con controles mejorados. Este problema se solucion\u00f3 en macOS Sonoma 14.1, macOS Monterey 12.7.1, macOS Ventura 13.6.1. Es posible que una aplicaci\u00f3n pueda acceder a datos confidenciales del usuario."
}
],
"metrics": {},
diff --git a/CVE-2023/CVE-2023-428xx/CVE-2023-42855.json b/CVE-2023/CVE-2023-428xx/CVE-2023-42855.json
index 937d168b142..eaef9911168 100644
--- a/CVE-2023/CVE-2023-428xx/CVE-2023-42855.json
+++ b/CVE-2023/CVE-2023-428xx/CVE-2023-42855.json
@@ -2,12 +2,16 @@
"id": "CVE-2023-42855",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-02-21T07:15:49.460",
- "lastModified": "2024-02-21T07:15:49.460",
- "vulnStatus": "Received",
+ "lastModified": "2024-02-22T19:07:27.197",
+ "vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "This issue was addressed with improved state management. This issue is fixed in iOS 17.1 and iPadOS 17.1. An attacker with physical access may be able to silently persist an Apple ID on an erased device."
+ },
+ {
+ "lang": "es",
+ "value": "Esta cuesti\u00f3n se abord\u00f3 con una mejor gesti\u00f3n de estado. Este problema se solucion\u00f3 en iOS 17.1 y iPadOS 17.1. Un atacante con acceso f\u00edsico puede conservar silenciosamente una ID de Apple en un dispositivo borrado."
}
],
"metrics": {},
diff --git a/CVE-2023/CVE-2023-428xx/CVE-2023-42858.json b/CVE-2023/CVE-2023-428xx/CVE-2023-42858.json
index bbd1bf0c6d8..d0ecdc7d81f 100644
--- a/CVE-2023/CVE-2023-428xx/CVE-2023-42858.json
+++ b/CVE-2023/CVE-2023-428xx/CVE-2023-42858.json
@@ -2,12 +2,16 @@
"id": "CVE-2023-42858",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-02-21T07:15:49.533",
- "lastModified": "2024-02-21T07:15:49.533",
- "vulnStatus": "Received",
+ "lastModified": "2024-02-22T19:07:27.197",
+ "vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.1, macOS Monterey 12.7.1, macOS Ventura 13.6.1. An app may be able to access user-sensitive data."
+ },
+ {
+ "lang": "es",
+ "value": "El problema se solucion\u00f3 con controles mejorados. Este problema se solucion\u00f3 en macOS Sonoma 14.1, macOS Monterey 12.7.1, macOS Ventura 13.6.1. Es posible que una aplicaci\u00f3n pueda acceder a datos confidenciales del usuario."
}
],
"metrics": {},
diff --git a/CVE-2023/CVE-2023-428xx/CVE-2023-42859.json b/CVE-2023/CVE-2023-428xx/CVE-2023-42859.json
index 5b0ead40170..186c20e54c9 100644
--- a/CVE-2023/CVE-2023-428xx/CVE-2023-42859.json
+++ b/CVE-2023/CVE-2023-428xx/CVE-2023-42859.json
@@ -2,12 +2,16 @@
"id": "CVE-2023-42859",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-02-21T07:15:49.670",
- "lastModified": "2024-02-21T07:15:49.670",
- "vulnStatus": "Received",
+ "lastModified": "2024-02-22T19:07:27.197",
+ "vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.1, macOS Monterey 12.7.1, macOS Ventura 13.6.1. An app may be able to modify protected parts of the file system."
+ },
+ {
+ "lang": "es",
+ "value": "El problema se solucion\u00f3 con controles mejorados. Este problema se solucion\u00f3 en macOS Sonoma 14.1, macOS Monterey 12.7.1, macOS Ventura 13.6.1. Es posible que una aplicaci\u00f3n pueda modificar partes protegidas del sistema de archivos."
}
],
"metrics": {},
diff --git a/CVE-2023/CVE-2023-428xx/CVE-2023-42860.json b/CVE-2023/CVE-2023-428xx/CVE-2023-42860.json
index 92787e228b4..4ad5e3ff1dd 100644
--- a/CVE-2023/CVE-2023-428xx/CVE-2023-42860.json
+++ b/CVE-2023/CVE-2023-428xx/CVE-2023-42860.json
@@ -2,12 +2,16 @@
"id": "CVE-2023-42860",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-02-21T07:15:49.827",
- "lastModified": "2024-02-21T07:15:49.827",
- "vulnStatus": "Received",
+ "lastModified": "2024-02-22T19:07:27.197",
+ "vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sonoma 14.1, macOS Monterey 12.7.1, macOS Ventura 13.6.1. An app may be able to modify protected parts of the file system."
+ },
+ {
+ "lang": "es",
+ "value": "Se solucion\u00f3 un problema de permisos con restricciones adicionales. Este problema se solucion\u00f3 en macOS Sonoma 14.1, macOS Monterey 12.7.1, macOS Ventura 13.6.1. Es posible que una aplicaci\u00f3n pueda modificar partes protegidas del sistema de archivos."
}
],
"metrics": {},
diff --git a/CVE-2023/CVE-2023-428xx/CVE-2023-42873.json b/CVE-2023/CVE-2023-428xx/CVE-2023-42873.json
index de82a2a89ac..f42d94e9236 100644
--- a/CVE-2023/CVE-2023-428xx/CVE-2023-42873.json
+++ b/CVE-2023/CVE-2023-428xx/CVE-2023-42873.json
@@ -2,12 +2,16 @@
"id": "CVE-2023-42873",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-02-21T07:15:49.997",
- "lastModified": "2024-02-21T07:15:49.997",
- "vulnStatus": "Received",
+ "lastModified": "2024-02-22T19:07:27.197",
+ "vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The issue was addressed with improved bounds checks. This issue is fixed in macOS Sonoma 14.1, tvOS 17.1, macOS Monterey 12.7.1, iOS 16.7.2 and iPadOS 16.7.2, iOS 17.1 and iPadOS 17.1, macOS Ventura 13.6.1. An app may be able to execute arbitrary code with kernel privileges."
+ },
+ {
+ "lang": "es",
+ "value": "El problema se solucion\u00f3 con comprobaciones de los l\u00edmites mejoradas. Este problema se solucion\u00f3 en macOS Sonoma 14.1, tvOS 17.1, macOS Monterey 12.7.1, iOS 16.7.2 y iPadOS 16.7.2, iOS 17.1 y iPadOS 17.1, macOS Ventura 13.6.1. Una aplicaci\u00f3n puede ejecutar c\u00f3digo arbitrario con privilegios del kernel."
}
],
"metrics": {},
diff --git a/CVE-2023/CVE-2023-428xx/CVE-2023-42877.json b/CVE-2023/CVE-2023-428xx/CVE-2023-42877.json
index e706c2efcba..9dd49d510e6 100644
--- a/CVE-2023/CVE-2023-428xx/CVE-2023-42877.json
+++ b/CVE-2023/CVE-2023-428xx/CVE-2023-42877.json
@@ -2,12 +2,16 @@
"id": "CVE-2023-42877",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-02-21T07:15:50.173",
- "lastModified": "2024-02-21T07:15:50.173",
- "vulnStatus": "Received",
+ "lastModified": "2024-02-22T19:07:27.197",
+ "vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.1, macOS Monterey 12.7.1, macOS Ventura 13.6.1. An app may be able to modify protected parts of the file system."
+ },
+ {
+ "lang": "es",
+ "value": "El problema se solucion\u00f3 con controles mejorados. Este problema se solucion\u00f3 en macOS Sonoma 14.1, macOS Monterey 12.7.1, macOS Ventura 13.6.1. Es posible que una aplicaci\u00f3n pueda modificar partes protegidas del sistema de archivos."
}
],
"metrics": {},
diff --git a/CVE-2023/CVE-2023-428xx/CVE-2023-42878.json b/CVE-2023/CVE-2023-428xx/CVE-2023-42878.json
index dc74a7add9e..f7abf3db960 100644
--- a/CVE-2023/CVE-2023-428xx/CVE-2023-42878.json
+++ b/CVE-2023/CVE-2023-428xx/CVE-2023-42878.json
@@ -2,12 +2,16 @@
"id": "CVE-2023-42878",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-02-21T07:15:50.357",
- "lastModified": "2024-02-21T07:15:50.357",
- "vulnStatus": "Received",
+ "lastModified": "2024-02-22T19:07:27.197",
+ "vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in watchOS 10.1, macOS Sonoma 14.1, iOS 17.1 and iPadOS 17.1. An app may be able to access sensitive user data."
+ },
+ {
+ "lang": "es",
+ "value": "Se solucion\u00f3 un problema de privacidad mejorando la redacci\u00f3n de datos privados para las entradas de registro. Este problema se solucion\u00f3 en watchOS 10.1, macOS Sonoma 14.1, iOS 17.1 y iPadOS 17.1. Es posible que una aplicaci\u00f3n pueda acceder a datos confidenciales del usuario."
}
],
"metrics": {},
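Review bot: In the added es value, "redacci\u00f3n de datos privados" is a false friend for "private data redaction". In Spanish "redacci\u00f3n" means writing or drafting, so the sentence says the fix improved how private data is written to log entries, the opposite of the en text. Suggest "ocultaci\u00f3n" or "enmascaramiento de datos privados en las entradas de registro".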
diff --git a/CVE-2023/CVE-2023-428xx/CVE-2023-42889.json b/CVE-2023/CVE-2023-428xx/CVE-2023-42889.json
index fe01d46dfb9..e71636b70cf 100644
--- a/CVE-2023/CVE-2023-428xx/CVE-2023-42889.json
+++ b/CVE-2023/CVE-2023-428xx/CVE-2023-42889.json
@@ -2,12 +2,16 @@
"id": "CVE-2023-42889",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-02-21T07:15:50.453",
- "lastModified": "2024-02-21T07:15:50.453",
- "vulnStatus": "Received",
+ "lastModified": "2024-02-22T19:07:27.197",
+ "vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.1, macOS Monterey 12.7.1, macOS Ventura 13.6.1. An app may be able to bypass certain Privacy preferences."
+ },
+ {
+ "lang": "es",
+ "value": "El problema se solucion\u00f3 con controles mejorados. Este problema se solucion\u00f3 en macOS Sonoma 14.1, macOS Monterey 12.7.1, macOS Ventura 13.6.1. Es posible que una aplicaci\u00f3n pueda omitir ciertas preferencias de privacidad."
}
],
"metrics": {},
diff --git a/CVE-2023/CVE-2023-429xx/CVE-2023-42928.json b/CVE-2023/CVE-2023-429xx/CVE-2023-42928.json
index 301d98cbd1d..43abb213500 100644
--- a/CVE-2023/CVE-2023-429xx/CVE-2023-42928.json
+++ b/CVE-2023/CVE-2023-429xx/CVE-2023-42928.json
@@ -2,12 +2,16 @@
"id": "CVE-2023-42928",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-02-21T07:15:50.603",
- "lastModified": "2024-02-21T07:15:50.603",
- "vulnStatus": "Received",
+ "lastModified": "2024-02-22T19:07:27.197",
+ "vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The issue was addressed with improved bounds checks. This issue is fixed in iOS 17.1 and iPadOS 17.1. An app may be able to gain elevated privileges."
+ },
+ {
+ "lang": "es",
+ "value": "El problema se solucion\u00f3 con comprobaciones de los l\u00edmites mejoradas. Este problema se solucion\u00f3 en iOS 17.1 y iPadOS 17.1. Es posible que una aplicaci\u00f3n pueda obtener privilegios elevados."
}
],
"metrics": {},
diff --git a/CVE-2023/CVE-2023-429xx/CVE-2023-42939.json b/CVE-2023/CVE-2023-429xx/CVE-2023-42939.json
index 647a1290b43..f78ab5041e7 100644
--- a/CVE-2023/CVE-2023-429xx/CVE-2023-42939.json
+++ b/CVE-2023/CVE-2023-429xx/CVE-2023-42939.json
@@ -2,12 +2,16 @@
"id": "CVE-2023-42939",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-02-21T07:15:50.767",
- "lastModified": "2024-02-21T07:15:50.767",
- "vulnStatus": "Received",
+ "lastModified": "2024-02-22T19:07:27.197",
+ "vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A logic issue was addressed with improved checks. This issue is fixed in iOS 17.1 and iPadOS 17.1. A user's private browsing activity may be unexpectedly saved in the App Privacy Report."
+ },
+ {
+ "lang": "es",
+ "value": "Se solucion\u00f3 un problema de l\u00f3gica con controles mejorados. Este problema se solucion\u00f3 en iOS 17.1 y iPadOS 17.1. La actividad de navegaci\u00f3n privada de un usuario puede guardarse inesperadamente en el Informe de privacidad de la aplicaci\u00f3n."
}
],
"metrics": {},
diff --git a/CVE-2023/CVE-2023-429xx/CVE-2023-42942.json b/CVE-2023/CVE-2023-429xx/CVE-2023-42942.json
index 786da344033..0d557957e2c 100644
--- a/CVE-2023/CVE-2023-429xx/CVE-2023-42942.json
+++ b/CVE-2023/CVE-2023-429xx/CVE-2023-42942.json
@@ -2,12 +2,16 @@
"id": "CVE-2023-42942",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-02-21T07:15:50.963",
- "lastModified": "2024-02-21T07:15:50.963",
- "vulnStatus": "Received",
+ "lastModified": "2024-02-22T19:07:27.197",
+ "vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "This issue was addressed with improved handling of symlinks. This issue is fixed in watchOS 10.1, macOS Sonoma 14.1, tvOS 17.1, iOS 16.7.2 and iPadOS 16.7.2, iOS 17.1 and iPadOS 17.1, macOS Ventura 13.6.1. A malicious app may be able to gain root privileges."
+ },
+ {
+ "lang": "es",
+ "value": "Este problema se solucion\u00f3 mejorando el manejo de los enlaces simb\u00f3licos. Este problema se solucion\u00f3 en watchOS 10.1, macOS Sonoma 14.1, tvOS 17.1, iOS 16.7.2 y iPadOS 16.7.2, iOS 17.1 y iPadOS 17.1, macOS Ventura 13.6.1. Es posible que una aplicaci\u00f3n maliciosa pueda obtener privilegios de root."
}
],
"metrics": {},
diff --git a/CVE-2023/CVE-2023-429xx/CVE-2023-42945.json b/CVE-2023/CVE-2023-429xx/CVE-2023-42945.json
index 5ffd631572a..2c6cfbf4fcc 100644
--- a/CVE-2023/CVE-2023-429xx/CVE-2023-42945.json
+++ b/CVE-2023/CVE-2023-429xx/CVE-2023-42945.json
@@ -2,12 +2,16 @@
"id": "CVE-2023-42945",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-02-21T07:15:51.140",
- "lastModified": "2024-02-21T07:15:51.140",
- "vulnStatus": "Received",
+ "lastModified": "2024-02-22T19:07:27.197",
+ "vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sonoma 14.1. An app may gain unauthorized access to Bluetooth."
+ },
+ {
+ "lang": "es",
+ "value": "Se solucion\u00f3 un problema de permisos con restricciones adicionales. Este problema se solucion\u00f3 en macOS Sonoma 14.1. Una aplicaci\u00f3n puede obtener acceso no autorizado a Bluetooth."
}
],
"metrics": {},
diff --git a/CVE-2023/CVE-2023-429xx/CVE-2023-42946.json b/CVE-2023/CVE-2023-429xx/CVE-2023-42946.json
index cff29f459c7..59b9ce84525 100644
--- a/CVE-2023/CVE-2023-429xx/CVE-2023-42946.json
+++ b/CVE-2023/CVE-2023-429xx/CVE-2023-42946.json
@@ -2,12 +2,16 @@
"id": "CVE-2023-42946",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-02-21T07:15:51.307",
- "lastModified": "2024-02-21T07:15:51.307",
- "vulnStatus": "Received",
+ "lastModified": "2024-02-22T19:07:27.197",
+ "vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "This issue was addressed with improved redaction of sensitive information. This issue is fixed in tvOS 17.1, watchOS 10.1, macOS Sonoma 14.1, iOS 17.1 and iPadOS 17.1. An app may be able to leak sensitive user information."
+ },
+ {
+ "lang": "es",
+ "value": "Este problema se solucion\u00f3 mejorando la redacci\u00f3n de informaci\u00f3n confidencial. Este problema se solucion\u00f3 en tvOS 17.1, watchOS 10.1, macOS Sonoma 14.1, iOS 17.1 y iPadOS 17.1. Es posible que una aplicaci\u00f3n pueda filtrar informaci\u00f3n confidencial del usuario."
}
],
"metrics": {},
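Review bot: "mejorando la redacci\u00f3n de informaci\u00f3n confidencial" in the added es value mistranslates "improved redaction of sensitive information". "Redacci\u00f3n" means drafting text in Spanish, not removing or masking it, so the fix is described incorrectly. Suggest "mejorando la ocultaci\u00f3n de informaci\u00f3n confidencial" or an equivalent masking term.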
diff --git a/CVE-2023/CVE-2023-429xx/CVE-2023-42951.json b/CVE-2023/CVE-2023-429xx/CVE-2023-42951.json
index cbb0fb2225b..72aed4af327 100644
--- a/CVE-2023/CVE-2023-429xx/CVE-2023-42951.json
+++ b/CVE-2023/CVE-2023-429xx/CVE-2023-42951.json
@@ -2,12 +2,16 @@
"id": "CVE-2023-42951",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-02-21T07:15:51.363",
- "lastModified": "2024-02-21T07:15:51.363",
- "vulnStatus": "Received",
+ "lastModified": "2024-02-22T19:07:27.197",
+ "vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The issue was addressed with improved handling of caches. This issue is fixed in iOS 17.1 and iPadOS 17.1. A user may be unable to delete browsing history items."
+ },
+ {
+ "lang": "es",
+ "value": "El problema se solucion\u00f3 mejorando el manejo de los cach\u00e9s. Este problema se solucion\u00f3 en iOS 17.1 y iPadOS 17.1. Es posible que un usuario no pueda eliminar elementos del historial de navegaci\u00f3n."
}
],
"metrics": {},
diff --git a/CVE-2023/CVE-2023-429xx/CVE-2023-42952.json b/CVE-2023/CVE-2023-429xx/CVE-2023-42952.json
index 8376ed454a1..8fef924df1f 100644
--- a/CVE-2023/CVE-2023-429xx/CVE-2023-42952.json
+++ b/CVE-2023/CVE-2023-429xx/CVE-2023-42952.json
@@ -2,12 +2,16 @@
"id": "CVE-2023-42952",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-02-21T07:15:51.510",
- "lastModified": "2024-02-21T07:15:51.510",
- "vulnStatus": "Received",
+ "lastModified": "2024-02-22T19:07:27.197",
+ "vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The issue was addressed with improved checks. This issue is fixed in iOS 17.1 and iPadOS 17.1, macOS Ventura 13.6.3, macOS Sonoma 14.1, macOS Monterey 12.7.1. An app with root privileges may be able to access private information."
+ },
+ {
+ "lang": "es",
+ "value": "El problema se solucion\u00f3 con controles mejorados. Este problema se solucion\u00f3 en iOS 17.1 y iPadOS 17.1, macOS Ventura 13.6.3, macOS Sonoma 14.1, macOS Monterey 12.7.1. Una aplicaci\u00f3n con privilegios de root puede acceder a informaci\u00f3n privada."
}
],
"metrics": {},
diff --git a/CVE-2023/CVE-2023-429xx/CVE-2023-42953.json b/CVE-2023/CVE-2023-429xx/CVE-2023-42953.json
index 5202d48022f..c2c279440d4 100644
--- a/CVE-2023/CVE-2023-429xx/CVE-2023-42953.json
+++ b/CVE-2023/CVE-2023-429xx/CVE-2023-42953.json
@@ -2,12 +2,16 @@
"id": "CVE-2023-42953",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-02-21T07:15:51.717",
- "lastModified": "2024-02-21T07:15:51.717",
- "vulnStatus": "Received",
+ "lastModified": "2024-02-22T19:07:27.197",
+ "vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A permissions issue was addressed with additional restrictions. This issue is fixed in tvOS 17.1, watchOS 10.1, macOS Sonoma 14.1, iOS 17.1 and iPadOS 17.1. An app may be able to access sensitive user data."
+ },
+ {
+ "lang": "es",
+ "value": "Se solucion\u00f3 un problema de permisos con restricciones adicionales. Este problema se solucion\u00f3 en tvOS 17.1, watchOS 10.1, macOS Sonoma 14.1, iOS 17.1 y iPadOS 17.1. Es posible que una aplicaci\u00f3n pueda acceder a datos confidenciales del usuario."
}
],
"metrics": {},
diff --git a/CVE-2023/CVE-2023-443xx/CVE-2023-44379.json b/CVE-2023/CVE-2023-443xx/CVE-2023-44379.json
index b6f65a7294c..b3e19e2fa55 100644
--- a/CVE-2023/CVE-2023-443xx/CVE-2023-44379.json
+++ b/CVE-2023/CVE-2023-443xx/CVE-2023-44379.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-44379",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-02-22T15:15:08.060",
- "lastModified": "2024-02-22T15:15:08.060",
- "vulnStatus": "Received",
+ "lastModified": "2024-02-22T19:07:27.197",
+ "vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
diff --git a/CVE-2023/CVE-2023-458xx/CVE-2023-45868.json b/CVE-2023/CVE-2023-458xx/CVE-2023-45868.json
index 3da871b9727..2fd61f91709 100644
--- a/CVE-2023/CVE-2023-458xx/CVE-2023-45868.json
+++ b/CVE-2023/CVE-2023-458xx/CVE-2023-45868.json
@@ -2,7 +2,7 @@
"id": "CVE-2023-45868",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-10-26T15:15:08.957",
- "lastModified": "2023-11-14T18:08:02.027",
+ "lastModified": "2024-02-22T19:06:44.663",
"vulnStatus": "Analyzed",
"descriptions": [
{
@@ -21,7 +21,7 @@
"type": "Primary",
"cvssData": {
"version": "3.1",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
@@ -29,12 +29,12 @@
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
- "availabilityImpact": "NONE",
- "baseScore": 6.5,
- "baseSeverity": "MEDIUM"
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.1,
+ "baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
- "impactScore": 3.6
+ "impactScore": 5.2
}
]
},
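Review bot: availabilityImpact goes from NONE to HIGH and baseSeverity from MEDIUM to HIGH in this hunk, yet none of this file's hunks touch the description or any reference that would explain the re-score, and vulnStatus stays "Analyzed". The new values are internally consistent (A:H in the vectorString hunk, baseScore 8.1 and impactScore 5.2 match the CVSS 3.1 formula for that vector with the unchanged exploitabilityScore 2.8), so the open question is only provenance: the commit should say what evidence the availability impact rests on, since consumers that filter on severity will see this entry move from MEDIUM to HIGH.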
diff --git a/CVE-2023/CVE-2023-462xx/CVE-2023-46241.json b/CVE-2023/CVE-2023-462xx/CVE-2023-46241.json
index 5765a2b43a9..8d7e2ce4858 100644
--- a/CVE-2023/CVE-2023-462xx/CVE-2023-46241.json
+++ b/CVE-2023/CVE-2023-462xx/CVE-2023-46241.json
@@ -2,12 +2,16 @@
"id": "CVE-2023-46241",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-02-21T16:15:49.240",
- "lastModified": "2024-02-21T16:15:49.240",
- "vulnStatus": "Received",
+ "lastModified": "2024-02-22T19:07:27.197",
+ "vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "`discourse-microsoft-auth` is a plugin that enables authentication via Microsoft. On sites with the `discourse-microsoft-auth` plugin enabled, an attack can potentially take control of a victim's Discourse account. Sites that have configured their application's account type to any options other than `Accounts in this organizational directory only (O365 only - Single tenant)` are vulnerable. This vulnerability has been patched in commit c40665f44509724b64938c85def9fb2e79f62ec8 of `discourse-microsoft-auth`. A `microsoft_auth:revoke` rake task has also been added which will deactivate and log out all users that have connected their accounts to Microsoft. User API keys as well as API keys created by those users will also be revoked. The rake task will also remove the connection records to Microsoft for those users. This will allow affected users to re-verify their account emails as well as reconnect their Discourse account to Microsoft for authentication. As a workaround, disable the `discourse-microsoft-auth` plugin by setting the `microsoft_auth_enabled` site setting to `false`. Run the `microsoft_auth:log_out_users` rake task to log out all users with associated Microsoft accounts.\n"
+ },
+ {
+ "lang": "es",
+ "value": "`discourse-microsoft-auth` es un complemento que permite la autenticaci\u00f3n a trav\u00e9s de Microsoft. En sitios con el complemento `discourse-microsoft-auth` habilitado, un ataque puede potencialmente tomar el control de la cuenta de Discourse de una v\u00edctima. Los sitios que han configurado el tipo de cuenta de su aplicaci\u00f3n con cualquier opci\u00f3n distinta a \"Cuentas solo en este directorio organizacional (solo O365 - Inquilino \u00fanico)\" son vulnerables. Esta vulnerabilidad ha sido parcheada en el commit c40665f44509724b64938c85def9fb2e79f62ec8 de `discourse-microsoft-auth`. Tambi\u00e9n se agreg\u00f3 una tarea de rake `microsoft_auth:revoke` que desactivar\u00e1 y cerrar\u00e1 sesi\u00f3n a todos los usuarios que hayan conectado sus cuentas a Microsoft. Tambi\u00e9n se revocar\u00e1n las claves API de usuario, as\u00ed como las claves API creadas por esos usuarios. La tarea de rake tambi\u00e9n eliminar\u00e1 los registros de conexi\u00f3n a Microsoft para esos usuarios. Esto permitir\u00e1 a los usuarios afectados volver a verificar los correos electr\u00f3nicos de sus cuentas y volver a conectar su cuenta de Discourse a Microsoft para su autenticaci\u00f3n. Como workaround, deshabilite el complemento `discourse-microsoft-auth` estableciendo la configuraci\u00f3n del sitio `microsoft_auth_enabled` en `false`. Ejecute la tarea de rake `microsoft_auth:log_out_users` para cerrar la sesi\u00f3n de todos los usuarios con cuentas de Microsoft asociadas."
}
],
"metrics": {
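Review bot: The added es value translates the account-type option into Spanish and swaps its backticks for escaped quotes (\"Cuentas solo en este directorio organizacional (solo O365 - Inquilino \u00fanico)\"), while the en text gives it as the literal `Accounts in this organizational directory only (O365 only - Single tenant)`. That string is the setting an administrator has to match to decide whether a site is affected, so it should stay verbatim and in backticks, as the plugin name, rake tasks and `microsoft_auth_enabled` already are in the same value.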
diff --git a/CVE-2023/CVE-2023-474xx/CVE-2023-47422.json b/CVE-2023/CVE-2023-474xx/CVE-2023-47422.json
index 1e164508e7c..f44c0e1a305 100644
--- a/CVE-2023/CVE-2023-474xx/CVE-2023-47422.json
+++ b/CVE-2023/CVE-2023-474xx/CVE-2023-47422.json
@@ -2,12 +2,16 @@
"id": "CVE-2023-47422",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-02-20T22:15:08.143",
- "lastModified": "2024-02-20T22:15:08.143",
- "vulnStatus": "Received",
+ "lastModified": "2024-02-22T19:07:37.840",
+ "vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "An access control issue in /usr/sbin/httpd in Tenda TX9 V1 V22.03.02.54, Tenda AX3 V3 V16.03.12.11, Tenda AX9 V1 V22.03.01.46, and Tenda AX12 V1 V22.03.01.46 allows attackers to bypass authentication on any endpoint via a crafted URL."
+ },
+ {
+ "lang": "es",
+ "value": "Un problema de control de acceso en /usr/sbin/httpd en Tenda TX9 V1 V22.03.02.54, Tenda AX3 V3 V16.03.12.11, Tenda AX9 V1 V22.03.01.46 y Tenda AX12 V1 V22.03.01.46 permite a los atacantes para omitir la autenticaci\u00f3n en cualquier endpoint a trav\u00e9s de una URL manipulada."
}
],
"metrics": {},
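Review bot: The added es value contains a grammatical error, "permite a los atacantes para omitir la autenticaci\u00f3n"; the "para" should be dropped so it reads "permite a los atacantes omitir la autenticaci\u00f3n en cualquier endpoint".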
diff --git a/CVE-2023/CVE-2023-477xx/CVE-2023-47795.json b/CVE-2023/CVE-2023-477xx/CVE-2023-47795.json
index cdc1f723669..55e1de7e96a 100644
--- a/CVE-2023/CVE-2023-477xx/CVE-2023-47795.json
+++ b/CVE-2023/CVE-2023-477xx/CVE-2023-47795.json
@@ -2,12 +2,16 @@
"id": "CVE-2023-47795",
"sourceIdentifier": "security@liferay.com",
"published": "2024-02-21T14:15:45.677",
- "lastModified": "2024-02-21T14:15:45.677",
- "vulnStatus": "Received",
+ "lastModified": "2024-02-22T19:07:27.197",
+ "vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Stored cross-site scripting (XSS) vulnerability in the Document and Media widget in Liferay Portal 7.4.3.18 through 7.4.3.101, and Liferay DXP 2023.Q3 before patch 6, and 7.4 update 18 through 92 allows remote authenticated users to inject arbitrary web script or HTML via a crafted payload injected into a document's \u201cTitle\u201d text field."
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad de Cross-Site Scripting (XSS) Almacenado en el widget Documentos y Medios en Liferay Portal 7.4.3.18 a 7.4.3.101, y Liferay DXP 2023.Q3 antes del parche 6, y 7.4 actualizaciones 18 a 92 permite a usuarios remotos autenticados inyectar script web o HTML arbitrario a trav\u00e9s de un payload manipulado inyectado en el campo de texto \"T\u00edtulo\" de un documento."
}
],
"metrics": {
diff --git a/CVE-2023/CVE-2023-487xx/CVE-2023-48715.json b/CVE-2023/CVE-2023-487xx/CVE-2023-48715.json
index ebc6fce1384..3d57efde413 100644
--- a/CVE-2023/CVE-2023-487xx/CVE-2023-48715.json
+++ b/CVE-2023/CVE-2023-487xx/CVE-2023-48715.json
@@ -2,12 +2,12 @@
"id": "CVE-2023-48715",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-12-11T19:15:08.860",
- "lastModified": "2023-12-14T14:51:04.473",
- "vulnStatus": "Analyzed",
+ "lastModified": "2024-02-22T19:15:08.410",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
- "value": "Tuleap is an open source suite to improve management of software developments and collaboration. Prior to version 15.2.99.103 or Tuleap Community Edition and prior to versions 15.2-4 and 15.1-8 of Tuleap Enterprise Edition, the name of the releases are not properly escaped on the edition page of a release. A malicious user with the ability to create a FRS release could force a victim having write permissions in the FRS to execute uncontrolled code. Tuleap Community Edition 15.2.99.103, Tuleap Enterprise Edition 15.2-4, and Tuleap Enterprise Edition 15.1-8 contain a fix for this issue."
+ "value": "Tuleap is an open source suite to improve management of software developments and collaboration. Prior to version 15.2.99.103 of Tuleap Community Edition and prior to versions 15.2-4 and 15.1-8 of Tuleap Enterprise Edition, the name of the releases are not properly escaped on the edition page of a release. A malicious user with the ability to create a FRS release could force a victim having write permissions in the FRS to execute uncontrolled code. Tuleap Community Edition 15.2.99.103, Tuleap Enterprise Edition 15.2-4, and Tuleap Enterprise Edition 15.1-8 contain a fix for this issue."
},
{
"lang": "es",
diff --git a/CVE-2023/CVE-2023-48xx/CVE-2023-4895.json b/CVE-2023/CVE-2023-48xx/CVE-2023-4895.json
index 7c5c5330bb1..9a46c739361 100644
--- a/CVE-2023/CVE-2023-48xx/CVE-2023-4895.json
+++ b/CVE-2023/CVE-2023-48xx/CVE-2023-4895.json
@@ -2,12 +2,16 @@
"id": "CVE-2023-4895",
"sourceIdentifier": "cve@gitlab.com",
"published": "2024-02-22T01:15:07.780",
- "lastModified": "2024-02-22T01:15:07.780",
- "vulnStatus": "Received",
+ "lastModified": "2024-02-22T19:07:27.197",
+ "vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "An issue has been discovered in GitLab EE affecting all versions starting from 12.0 to 16.7.6, all versions starting from 16.8 before 16.8.3, all versions starting from 16.9 before 16.9.1. This vulnerability allows for bypassing the 'group ip restriction' settings to access environment details of projects"
+ },
+ {
+ "lang": "es",
+ "value": "Se descubri\u00f3 un problema en GitLab EE que afecta a todas las versiones desde 12.0 a 16.7.6, todas las versiones desde 16.8 anteriores a 16.8.3, todas las versiones desde 16.9 anteriores a 16.9.1. Esta vulnerabilidad permite omitir la configuraci\u00f3n de 'restricci\u00f3n de IP de grupo' para acceder a los detalles del entorno de los proyectos."
}
],
"metrics": {
diff --git a/CVE-2023/CVE-2023-491xx/CVE-2023-49100.json b/CVE-2023/CVE-2023-491xx/CVE-2023-49100.json
index 13cb0055685..5def9aabaa1 100644
--- a/CVE-2023/CVE-2023-491xx/CVE-2023-49100.json
+++ b/CVE-2023/CVE-2023-491xx/CVE-2023-49100.json
@@ -2,12 +2,16 @@
"id": "CVE-2023-49100",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-02-21T16:15:49.457",
- "lastModified": "2024-02-21T16:15:49.457",
- "vulnStatus": "Received",
+ "lastModified": "2024-02-22T19:07:27.197",
+ "vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Trusted Firmware-A (TF-A) before 2.10 has a potential read out-of-bounds in the SDEI service. The input parameter passed in register x1 is not validated well enough in the function sdei_interrupt_bind. The parameter is passed to a call to plat_ic_get_interrupt_type. It can be any arbitrary value passing checks in the function plat_ic_is_sgi. A compromised Normal World (Linux kernel) can enable a root-privileged attacker to issue arbitrary SMC calls. Using this primitive, he can control the content of registers x0 through x6, which are used to send parameters to TF-A. Out-of-bounds addresses can be read in the context of TF-A (EL3). Because the read value is never returned to non-secure memory or in registers, no leak is possible. An attacker can still crash TF-A, however."
+ },
+ {
+ "lang": "es",
+ "value": "Trusted Firmware-A (TF-A) anterior a 2.10 tiene una posible lectura fuera de los l\u00edmites en el servicio SDEI. El par\u00e1metro de entrada pasado en el registro x1 no est\u00e1 suficientemente validado en la funci\u00f3n sdei_interrupt_bind. El par\u00e1metro se pasa a una llamada a plat_ic_get_interrupt_type. Puede ser cualquier valor arbitrario que pase las comprobaciones en la funci\u00f3n plat_ic_is_sgi. Un Normal World (kernel de Linux) comprometido puede permitir que un atacante con privilegios de root emita llamadas SMC arbitrarias. Usando esta primitiva, puede controlar el contenido de los registros x0 a x6, que se utilizan para enviar par\u00e1metros a TF-A. Las direcciones fuera de los l\u00edmites se pueden leer en el contexto de TF-A (EL3). Debido a que el valor le\u00eddo nunca se devuelve a la memoria no segura o a los registros, no es posible ninguna fuga. Sin embargo, un atacante a\u00fan puede bloquear TF-A."
}
],
"metrics": {},
diff --git a/CVE-2023/CVE-2023-49xx/CVE-2023-4911.json b/CVE-2023/CVE-2023-49xx/CVE-2023-4911.json
index df36e5181dd..97f587e2888 100644
--- a/CVE-2023/CVE-2023-49xx/CVE-2023-4911.json
+++ b/CVE-2023/CVE-2023-49xx/CVE-2023-4911.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-4911",
"sourceIdentifier": "secalert@redhat.com",
"published": "2023-10-03T18:15:10.463",
- "lastModified": "2024-01-03T15:15:09.770",
- "vulnStatus": "Undergoing Analysis",
+ "lastModified": "2024-02-22T20:18:58.020",
+ "vulnStatus": "Analyzed",
"cisaExploitAdd": "2023-11-21",
"cisaActionDue": "2023-12-12",
"cisaRequiredAction": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.",
@@ -93,8 +93,10 @@
"cpeMatch": [
{
"vulnerable": true,
- "criteria": "cpe:2.3:a:gnu:glibc:-:*:*:*:*:*:*:*",
- "matchCriteriaId": "68D5A70D-5CEE-4E19-BF35-0245A0E0F6BC"
+ "criteria": "cpe:2.3:a:gnu:glibc:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "2.34",
+ "versionEndExcluding": "2.39",
+ "matchCriteriaId": "71609239-5262-473E-ACCE-18AE51AB184E"
}
]
}
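Review bot: the bounds on the new glibc criteria ("versionStartIncluding": "2.34", "versionEndExcluding": "2.39") have no supporting reference visible in this change. Please point to the advisory they come from. The entry goes from the version-less "cpe:2.3:a:gnu:glibc:-" match to a bounded range, so every build reporting a version in that range will now match on version alone, and tools keyed on the old matchCriteriaId will see the match disappear.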
@@ -131,11 +133,36 @@
"operator": "OR",
"negate": false,
"cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:redhat:codeready_linux_builder_eus:8.6:*:*:*:*:*:*:*",
+ "matchCriteriaId": "8BE16CC2-C6B4-4B73-98A1-F28475A92F49"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:redhat:codeready_linux_builder_for_arm64_eus:8.6:*:*:*:*:*:*:*",
+ "matchCriteriaId": "FB1DF28D-0D84-4E40-8E46-BA0EFD371111"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:redhat:codeready_linux_builder_for_ibm_z_systems_eus:8.6:*:*:*:*:*:*:*",
+ "matchCriteriaId": "3C1A0CA2-2BBD-4A7A-B467-F456867D5EC6"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:redhat:codeready_linux_builder_for_power_little_endian_eus:8.6:*:*:*:*:*:*:*",
+ "matchCriteriaId": "845B853C-8F99-4987-AA8E-76078CE6A977"
+ },
{
"vulnerable": true,
"criteria": "cpe:2.3:a:redhat:virtualization:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6BBD7A51-0590-4DDF-8249-5AFA8D645CB6"
},
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:redhat:virtualization_host:4.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "BB28F9AF-3D06-4532-B397-96D7E4792503"
+ },
{
"vulnerable": true,
"criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
@@ -145,6 +172,36 @@
"vulnerable": true,
"criteria": "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7F6FB57C-2BC7-487C-96DD-132683AEB35D"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:8.6:*:*:*:*:*:*:*",
+ "matchCriteriaId": "6C3741B8-851F-475D-B428-523F4F722350"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:8.6_aarch64:*:*:*:*:*:*:*",
+ "matchCriteriaId": "37B7CE5C-BFEA-4F96-9759-D511EF189059"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus_s390x:8.6:*:*:*:*:*:*:*",
+ "matchCriteriaId": "B2C0ED62-9DEE-437C-AC01-0173128259DB"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian_eus:8.6_ppc64le:*:*:*:*:*:*:*",
+ "matchCriteriaId": "A633E21A-EBAA-41C9-A009-A36BDC762464"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:8.6:*:*:*:*:*:*:*",
+ "matchCriteriaId": "76C24D94-834A-4E9D-8F73-624AFA99AAA2"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:8.6:*:*:*:*:*:*:*",
+ "matchCriteriaId": "1272DF03-7674-4BD4-8E64-94004B195448"
}
]
}
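Review bot: the architecture is encoded inconsistently across the added EUS entries. "enterprise_linux_for_arm_64_eus:8.6_aarch64" puts it in the version field, "enterprise_linux_for_ibm_z_systems_eus_s390x:8.6" puts it in the product name, and "enterprise_linux_for_power_big_endian_eus:8.6_ppc64le" pairs a big-endian product with a little-endian (ppc64le) version suffix. Anyone matching on version "8.6" will miss the "8.6_aarch64" and "8.6_ppc64le" forms. Please confirm these strings against the CPE dictionary, and check whether the power entry was meant to be the little-endian product.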
@@ -154,15 +211,28 @@
"references": [
{
"url": "http://packetstormsecurity.com/files/174986/glibc-ld.so-Local-Privilege-Escalation.html",
- "source": "secalert@redhat.com"
+ "source": "secalert@redhat.com",
+ "tags": [
+ "Exploit",
+ "Third Party Advisory"
+ ]
},
{
"url": "http://packetstormsecurity.com/files/176288/Glibc-Tunables-Privilege-Escalation.html",
- "source": "secalert@redhat.com"
+ "source": "secalert@redhat.com",
+ "tags": [
+ "Exploit",
+ "Third Party Advisory"
+ ]
},
{
"url": "http://seclists.org/fulldisclosure/2023/Oct/11",
- "source": "secalert@redhat.com"
+ "source": "secalert@redhat.com",
+ "tags": [
+ "Exploit",
+ "Mailing List",
+ "Third Party Advisory"
+ ]
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/10/03/2",
@@ -190,19 +260,31 @@
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/10/13/11",
- "source": "secalert@redhat.com"
+ "source": "secalert@redhat.com",
+ "tags": [
+ "Mailing List"
+ ]
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/10/14/3",
- "source": "secalert@redhat.com"
+ "source": "secalert@redhat.com",
+ "tags": [
+ "Mailing List"
+ ]
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/10/14/5",
- "source": "secalert@redhat.com"
+ "source": "secalert@redhat.com",
+ "tags": [
+ "Mailing List"
+ ]
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/10/14/6",
- "source": "secalert@redhat.com"
+ "source": "secalert@redhat.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
},
{
"url": "https://access.redhat.com/errata/RHSA-2023:5453",
@@ -227,11 +309,17 @@
},
{
"url": "https://access.redhat.com/errata/RHSA-2023:5476",
- "source": "secalert@redhat.com"
+ "source": "secalert@redhat.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
},
{
"url": "https://access.redhat.com/errata/RHSA-2024:0033",
- "source": "secalert@redhat.com"
+ "source": "secalert@redhat.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
},
{
"url": "https://access.redhat.com/security/cve/CVE-2023-4911",
@@ -280,7 +368,11 @@
},
{
"url": "https://security.netapp.com/advisory/ntap-20231013-0006/",
- "source": "secalert@redhat.com"
+ "source": "secalert@redhat.com",
+ "tags": [
+ "Mailing List",
+ "Third Party Advisory"
+ ]
},
{
"url": "https://www.debian.org/security/2023/dsa-5514",
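Review bot: the "Mailing List" tag on https://security.netapp.com/advisory/ntap-20231013-0006/ looks misapplied. The URL is an advisory page on the vendor's site, not a list archive like the openwall.com and seclists.org references tagged that way earlier in this file. Suggest keeping only "Third Party Advisory".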
diff --git a/CVE-2023/CVE-2023-509xx/CVE-2023-50923.json b/CVE-2023/CVE-2023-509xx/CVE-2023-50923.json
index 6f02475b87f..d29296ea37a 100644
--- a/CVE-2023/CVE-2023-509xx/CVE-2023-50923.json
+++ b/CVE-2023/CVE-2023-509xx/CVE-2023-50923.json
@@ -2,12 +2,16 @@
"id": "CVE-2023-50923",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-02-21T00:15:07.597",
- "lastModified": "2024-02-21T00:15:07.597",
- "vulnStatus": "Received",
+ "lastModified": "2024-02-22T19:07:37.840",
+ "vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "In QUIC in RFC 9000, the Latency Spin Bit specification (section 17.4) does not strictly constrain the bit value when the feature is disabled, which might allow remote attackers to construct a covert channel with data represented as changes to the bit value. NOTE: The \"Sheridan, S., Keane, A. (2015). In Proceedings of the 14th European Conference on Cyber Warfare and Security (ECCWS), University of Hertfordshire, Hatfield, UK.\" paper says \"Modern Internet communication protocols provide an almost infinite number of ways in which data can be hidden or embed whithin seemingly normal network traffic.\""
+ },
+ {
+ "lang": "es",
+ "value": "En QUIC en RFC 9000, la especificaci\u00f3n Latency Spin Bit (secci\u00f3n 17.4) no restringe estrictamente el valor del bit cuando la caracter\u00edstica est\u00e1 deshabilitada, lo que podr\u00eda permitir a atacantes remotos construir un canal encubierto con datos representados como cambios en el valor del bit. NOTA: \"Sheridan, S., Keane, A. (2015). En Actas de la 14\u00aa Conferencia Europea sobre Guerra Cibern\u00e9tica y Seguridad (ECCWS), Universidad de Hertfordshire, Hatfield, Reino Unido\". El art\u00edculo dice: \"Los protocolos de comunicaci\u00f3n de Internet modernos proporcionan un n\u00famero casi infinito de formas en las que los datos pueden ocultarse o incrustarse en el tr\u00e1fico de red aparentemente normal\"."
}
],
"metrics": {},
diff --git a/CVE-2023/CVE-2023-509xx/CVE-2023-50955.json b/CVE-2023/CVE-2023-509xx/CVE-2023-50955.json
index 017f5a581b8..e4c8c856a71 100644
--- a/CVE-2023/CVE-2023-509xx/CVE-2023-50955.json
+++ b/CVE-2023/CVE-2023-509xx/CVE-2023-50955.json
@@ -2,12 +2,16 @@
"id": "CVE-2023-50955",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2024-02-21T15:15:08.760",
- "lastModified": "2024-02-21T15:15:08.760",
- "vulnStatus": "Received",
+ "lastModified": "2024-02-22T19:07:27.197",
+ "vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "IBM InfoSphere Information Server 11.7 could allow an authenticated privileged user to obtain the absolute path of the web server installation which could aid in further attacks against the system. IBM X-Force ID: 275777."
+ },
+ {
+ "lang": "es",
+ "value": "IBM InfoSphere Information Server 11.7 podr\u00eda permitir que un usuario privilegiado autenticado obtenga la ruta absoluta de la instalaci\u00f3n del servidor web, lo que podr\u00eda ayudar en futuros ataques contra el sistema. ID de IBM X-Force: 275777."
}
],
"metrics": {
diff --git a/CVE-2023/CVE-2023-509xx/CVE-2023-50975.json b/CVE-2023/CVE-2023-509xx/CVE-2023-50975.json
index 0df88bc38c9..e304c8372e7 100644
--- a/CVE-2023/CVE-2023-509xx/CVE-2023-50975.json
+++ b/CVE-2023/CVE-2023-509xx/CVE-2023-50975.json
@@ -2,12 +2,16 @@
"id": "CVE-2023-50975",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-02-21T19:15:08.373",
- "lastModified": "2024-02-21T19:15:08.373",
- "vulnStatus": "Received",
+ "lastModified": "2024-02-22T19:07:27.197",
+ "vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The TD Bank TD Advanced Dashboard client through 3.0.3 for macOS allows arbitrary code execution because of the lack of electron::fuses::IsRunAsNodeEnabled (i.e., ELECTRON_RUN_AS_NODE can be used in production). This makes it easier for a compromised process to access banking information."
+ },
+ {
+ "lang": "es",
+ "value": "El cliente TD Bank TD Advanced Dashboard hasta 3.0.3 para macOS permite la ejecuci\u00f3n de c\u00f3digo arbitrario debido a la falta de electron::fuses::IsRunAsNodeEnabled (es decir, ELECTRON_RUN_AS_NODE se puede usar en producci\u00f3n). Esto facilita que un proceso comprometido acceda a la informaci\u00f3n bancaria."
}
],
"metrics": {},
diff --git a/CVE-2023/CVE-2023-513xx/CVE-2023-51388.json b/CVE-2023/CVE-2023-513xx/CVE-2023-51388.json
index fb883210246..ce661c9692d 100644
--- a/CVE-2023/CVE-2023-513xx/CVE-2023-51388.json
+++ b/CVE-2023/CVE-2023-513xx/CVE-2023-51388.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-51388",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-02-22T16:15:53.413",
- "lastModified": "2024-02-22T16:15:53.413",
- "vulnStatus": "Received",
+ "lastModified": "2024-02-22T19:07:27.197",
+ "vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
diff --git a/CVE-2023/CVE-2023-513xx/CVE-2023-51389.json b/CVE-2023/CVE-2023-513xx/CVE-2023-51389.json
index 87dd916e974..29b42c36647 100644
--- a/CVE-2023/CVE-2023-513xx/CVE-2023-51389.json
+++ b/CVE-2023/CVE-2023-513xx/CVE-2023-51389.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-51389",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-02-22T16:15:53.623",
- "lastModified": "2024-02-22T16:15:53.623",
- "vulnStatus": "Received",
+ "lastModified": "2024-02-22T19:07:27.197",
+ "vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
diff --git a/CVE-2023/CVE-2023-514xx/CVE-2023-51450.json b/CVE-2023/CVE-2023-514xx/CVE-2023-51450.json
index 096ca552b7b..c20a441666a 100644
--- a/CVE-2023/CVE-2023-514xx/CVE-2023-51450.json
+++ b/CVE-2023/CVE-2023-514xx/CVE-2023-51450.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-51450",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-02-22T15:15:08.290",
- "lastModified": "2024-02-22T15:15:08.290",
- "vulnStatus": "Received",
+ "lastModified": "2024-02-22T19:07:27.197",
+ "vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
diff --git a/CVE-2023/CVE-2023-516xx/CVE-2023-51653.json b/CVE-2023/CVE-2023-516xx/CVE-2023-51653.json
index 3a64e409c0e..2f9cc78cac4 100644
--- a/CVE-2023/CVE-2023-516xx/CVE-2023-51653.json
+++ b/CVE-2023/CVE-2023-516xx/CVE-2023-51653.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-51653",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-02-22T16:15:53.800",
- "lastModified": "2024-02-22T16:15:53.800",
- "vulnStatus": "Received",
+ "lastModified": "2024-02-22T19:07:27.197",
+ "vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
diff --git a/CVE-2023/CVE-2023-518xx/CVE-2023-51828.json b/CVE-2023/CVE-2023-518xx/CVE-2023-51828.json
index 6e876f2e9b9..d7b62e5d8b7 100644
--- a/CVE-2023/CVE-2023-518xx/CVE-2023-51828.json
+++ b/CVE-2023/CVE-2023-518xx/CVE-2023-51828.json
@@ -2,12 +2,16 @@
"id": "CVE-2023-51828",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-02-21T22:15:48.960",
- "lastModified": "2024-02-21T22:15:48.960",
- "vulnStatus": "Received",
+ "lastModified": "2024-02-22T19:07:27.197",
+ "vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A SQL Injection vulnerability in /admin/convert/export.class.php in PMB 7.4.7 and earlier versions allows remote unauthenticated attackers to execute arbitrary SQL commands via the query parameter in get_next_notice function."
+ },
+ {
+ "lang": "es",
+ "value": "Una vulnerabilidad de inyecci\u00f3n SQL en /admin/convert/export.class.php en PMB 7.4.7 y versiones anteriores permite a atacantes remotos no autenticados ejecutar comandos SQL arbitrarios a trav\u00e9s del par\u00e1metro de consulta en la funci\u00f3n get_next_notice."
}
],
"metrics": {},
diff --git a/CVE-2023/CVE-2023-521xx/CVE-2023-52153.json b/CVE-2023/CVE-2023-521xx/CVE-2023-52153.json
index 0def4b17344..2ca3356c1b7 100644
--- a/CVE-2023/CVE-2023-521xx/CVE-2023-52153.json
+++ b/CVE-2023/CVE-2023-521xx/CVE-2023-52153.json
@@ -2,12 +2,16 @@
"id": "CVE-2023-52153",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-02-21T22:15:49.023",
- "lastModified": "2024-02-21T22:15:49.023",
- "vulnStatus": "Received",
+ "lastModified": "2024-02-22T19:07:27.197",
+ "vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A SQL Injection vulnerability in /pmb/opac_css/includes/sessions.inc.php in PMB 7.4.7 and earlier allows remote unauthenticated attackers to inject arbitrary SQL commands via the PmbOpac-LOGIN cookie value."
+ },
+ {
+ "lang": "es",
+ "value": "Una vulnerabilidad de inyecci\u00f3n SQL en /pmb/opac_css/includes/sessions.inc.php en PMB 7.4.7 y versiones anteriores permite a atacantes remotos no autenticados inyectar comandos SQL arbitrarios a trav\u00e9s del valor de cookie PmbOpac-LOGIN."
}
],
"metrics": {},
diff --git a/CVE-2023/CVE-2023-521xx/CVE-2023-52154.json b/CVE-2023/CVE-2023-521xx/CVE-2023-52154.json
index 0fd758c2b57..a54c12ac7a0 100644
--- a/CVE-2023/CVE-2023-521xx/CVE-2023-52154.json
+++ b/CVE-2023/CVE-2023-521xx/CVE-2023-52154.json
@@ -2,12 +2,16 @@
"id": "CVE-2023-52154",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-02-21T22:15:49.073",
- "lastModified": "2024-02-21T22:15:49.073",
- "vulnStatus": "Received",
+ "lastModified": "2024-02-22T19:07:27.197",
+ "vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "File Upload vulnerability in pmb/camera_upload.php in PMB 7.4.7 and earlier allows attackers to run arbitrary code via upload of crafted PHTML files."
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad de carga de archivos en pmb/camera_upload.php en PMB 7.4.7 y versiones anteriores permite a los atacantes ejecutar c\u00f3digo arbitrario mediante la carga de archivos PHTML manipulados."
}
],
"metrics": {},
diff --git a/CVE-2023/CVE-2023-521xx/CVE-2023-52155.json b/CVE-2023/CVE-2023-521xx/CVE-2023-52155.json
index 7cca47e06be..16b1cd54aaa 100644
--- a/CVE-2023/CVE-2023-521xx/CVE-2023-52155.json
+++ b/CVE-2023/CVE-2023-521xx/CVE-2023-52155.json
@@ -2,12 +2,16 @@
"id": "CVE-2023-52155",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-02-21T22:15:49.117",
- "lastModified": "2024-02-21T22:15:49.117",
- "vulnStatus": "Received",
+ "lastModified": "2024-02-22T19:07:27.197",
+ "vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A SQL Injection vulnerability in /admin/sauvegarde/run.php in PMB 7.4.7 and earlier allows remote authenticated attackers to execute arbitrary SQL commands via the sauvegardes variable through the /admin/sauvegarde/run.php endpoint."
+ },
+ {
+ "lang": "es",
+ "value": "Una vulnerabilidad de inyecci\u00f3n SQL en /admin/sauvegarde/run.php en PMB 7.4.7 y anteriores permite a atacantes remotos autenticados ejecutar comandos SQL de su elecci\u00f3n a trav\u00e9s de la variable sauvegardes a trav\u00e9s del endpoint /admin/sauvegarde/run.php."
}
],
"metrics": {},
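Review bot: the added "es" value renders "arbitrary SQL commands" as "comandos SQL de su elección", whereas the PMB entries for CVE-2023-51828 and CVE-2023-52153 in this same diff use "comandos SQL arbitrarios". Pick one rendering so searches across the Spanish descriptions stay consistent. The sentence also repeats "a través de" twice in a row ("a través de la variable sauvegardes a través del endpoint"), which could be tightened.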
diff --git a/CVE-2023/CVE-2023-521xx/CVE-2023-52160.json b/CVE-2023/CVE-2023-521xx/CVE-2023-52160.json
index 6d9168fa2a1..51442215154 100644
--- a/CVE-2023/CVE-2023-521xx/CVE-2023-52160.json
+++ b/CVE-2023/CVE-2023-521xx/CVE-2023-52160.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-52160",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-02-22T17:15:08.263",
- "lastModified": "2024-02-22T18:15:48.530",
- "vulnStatus": "Received",
+ "lastModified": "2024-02-22T19:07:27.197",
+ "vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
diff --git a/CVE-2023/CVE-2023-521xx/CVE-2023-52161.json b/CVE-2023/CVE-2023-521xx/CVE-2023-52161.json
index 0bceab2377f..722bb1b1ea7 100644
--- a/CVE-2023/CVE-2023-521xx/CVE-2023-52161.json
+++ b/CVE-2023/CVE-2023-521xx/CVE-2023-52161.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-52161",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-02-22T17:15:08.327",
- "lastModified": "2024-02-22T17:15:08.327",
- "vulnStatus": "Received",
+ "lastModified": "2024-02-22T19:07:27.197",
+ "vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
diff --git a/CVE-2023/CVE-2023-524xx/CVE-2023-52440.json b/CVE-2023/CVE-2023-524xx/CVE-2023-52440.json
index 87c83fa7d33..f258d8dc57e 100644
--- a/CVE-2023/CVE-2023-524xx/CVE-2023-52440.json
+++ b/CVE-2023/CVE-2023-524xx/CVE-2023-52440.json
@@ -2,12 +2,16 @@
"id": "CVE-2023-52440",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-02-21T08:15:45.203",
- "lastModified": "2024-02-21T08:15:45.203",
- "vulnStatus": "Received",
+ "lastModified": "2024-02-22T19:07:27.197",
+ "vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nksmbd: fix slub overflow in ksmbd_decode_ntlmssp_auth_blob()\n\nIf authblob->SessionKey.Length is bigger than session key\nsize(CIFS_KEY_SIZE), slub overflow can happen in key exchange codes.\ncifs_arc4_crypt copy to session key array from SessionKey from client."
+ },
+ {
+ "lang": "es",
+ "value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: ksmbd: corrige el desbordamiento de slub en ksmbd_decode_ntlmssp_auth_blob() Si authblob->SessionKey.Length es mayor que el tama\u00f1o de la clave de sesi\u00f3n (CIFS_KEY_SIZE), puede ocurrir un desbordamiento de slub en los c\u00f3digos de intercambio de claves. cifs_arc4_crypt copia a la matriz de claves de sesi\u00f3n desde SessionKey del cliente."
}
],
"metrics": {},
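Review bot: the added "es" value drops the "\n\n" separators that the English value uses between the kernel commit subject and its body. The subject therefore runs straight into the first sentence ("ksmbd_decode_ntlmssp_auth_blob() Si authblob->SessionKey.Length ...") with no punctuation. Keep the line breaks, or at least end the subject with a period, so the commit title stays distinguishable from the explanation.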
diff --git a/CVE-2023/CVE-2023-524xx/CVE-2023-52441.json b/CVE-2023/CVE-2023-524xx/CVE-2023-52441.json
index 0b1234e7b1f..9656f5b4f12 100644
--- a/CVE-2023/CVE-2023-524xx/CVE-2023-52441.json
+++ b/CVE-2023/CVE-2023-524xx/CVE-2023-52441.json
@@ -2,12 +2,16 @@
"id": "CVE-2023-52441",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-02-21T08:15:45.463",
- "lastModified": "2024-02-21T08:15:45.463",
- "vulnStatus": "Received",
+ "lastModified": "2024-02-22T19:07:27.197",
+ "vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nksmbd: fix out of bounds in init_smb2_rsp_hdr()\n\nIf client send smb2 negotiate request and then send smb1 negotiate\nrequest, init_smb2_rsp_hdr is called for smb1 negotiate request since\nneed_neg is set to false. This patch ignore smb1 packets after ->need_neg\nis set to false."
+ },
+ {
+ "lang": "es",
+ "value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: ksmbd: correcci\u00f3n fuera de los l\u00edmites en init_smb2_rsp_hdr() Si el cliente env\u00eda una solicitud de negociaci\u00f3n smb2 y luego env\u00eda una solicitud de negociaci\u00f3n smb1, se llama a init_smb2_rsp_hdr para la solicitud de negociaci\u00f3n smb1 ya que need_neg est\u00e1 configurado en falso. Este parche ignora los paquetes smb1 despu\u00e9s de que ->need_neg se establece en falso."
}
],
"metrics": {},
diff --git a/CVE-2023/CVE-2023-524xx/CVE-2023-52442.json b/CVE-2023/CVE-2023-524xx/CVE-2023-52442.json
index cffcec81cbd..d7dc99b5cda 100644
--- a/CVE-2023/CVE-2023-524xx/CVE-2023-52442.json
+++ b/CVE-2023/CVE-2023-524xx/CVE-2023-52442.json
@@ -2,12 +2,16 @@
"id": "CVE-2023-52442",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-02-21T08:15:45.547",
- "lastModified": "2024-02-21T08:15:45.547",
- "vulnStatus": "Received",
+ "lastModified": "2024-02-22T19:07:27.197",
+ "vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nksmbd: validate session id and tree id in compound request\n\n`smb2_get_msg()` in smb2_get_ksmbd_tcon() and smb2_check_user_session()\nwill always return the first request smb2 header in a compound request.\nif `SMB2_TREE_CONNECT_HE` is the first command in compound request, will\nreturn 0, i.e. The tree id check is skipped.\nThis patch use ksmbd_req_buf_next() to get current command in compound."
+ },
+ {
+ "lang": "es",
+ "value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: ksmbd: validar la identificaci\u00f3n de la sesi\u00f3n y la identificaci\u00f3n del \u00e1rbol en la solicitud compuesta `smb2_get_msg()` en smb2_get_ksmbd_tcon() y smb2_check_user_session() siempre devolver\u00e1 el encabezado smb2 de la primera solicitud en una solicitud compuesta. si `SMB2_TREE_CONNECT_HE` es el primer comando en la solicitud compuesta, devolver\u00e1 0, es decir, se omite la verificaci\u00f3n de identificaci\u00f3n del \u00e1rbol. Este parche usa ksmbd_req_buf_next() para obtener el comando actual en compuesto."
}
],
"metrics": {},
diff --git a/CVE-2023/CVE-2023-524xx/CVE-2023-52443.json b/CVE-2023/CVE-2023-524xx/CVE-2023-52443.json
index 02fffc551cd..21a2eee4bb0 100644
--- a/CVE-2023/CVE-2023-524xx/CVE-2023-52443.json
+++ b/CVE-2023/CVE-2023-524xx/CVE-2023-52443.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-52443",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-02-22T17:15:08.377",
- "lastModified": "2024-02-22T17:15:08.377",
- "vulnStatus": "Received",
+ "lastModified": "2024-02-22T19:07:27.197",
+ "vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
diff --git a/CVE-2023/CVE-2023-524xx/CVE-2023-52444.json b/CVE-2023/CVE-2023-524xx/CVE-2023-52444.json
index 6ef1a6f51e4..4d0ce1dc7df 100644
--- a/CVE-2023/CVE-2023-524xx/CVE-2023-52444.json
+++ b/CVE-2023/CVE-2023-524xx/CVE-2023-52444.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-52444",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-02-22T17:15:08.430",
- "lastModified": "2024-02-22T17:15:08.430",
- "vulnStatus": "Received",
+ "lastModified": "2024-02-22T19:07:27.197",
+ "vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
diff --git a/CVE-2023/CVE-2023-524xx/CVE-2023-52445.json b/CVE-2023/CVE-2023-524xx/CVE-2023-52445.json
index 0a1c7a233fa..9ed323d2cd7 100644
--- a/CVE-2023/CVE-2023-524xx/CVE-2023-52445.json
+++ b/CVE-2023/CVE-2023-524xx/CVE-2023-52445.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-52445",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-02-22T17:15:08.477",
- "lastModified": "2024-02-22T17:15:08.477",
- "vulnStatus": "Received",
+ "lastModified": "2024-02-22T19:07:27.197",
+ "vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
diff --git a/CVE-2023/CVE-2023-524xx/CVE-2023-52446.json b/CVE-2023/CVE-2023-524xx/CVE-2023-52446.json
index 71593383d59..a9beaa5df7d 100644
--- a/CVE-2023/CVE-2023-524xx/CVE-2023-52446.json
+++ b/CVE-2023/CVE-2023-524xx/CVE-2023-52446.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-52446",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-02-22T17:15:08.527",
- "lastModified": "2024-02-22T17:15:08.527",
- "vulnStatus": "Received",
+ "lastModified": "2024-02-22T19:07:27.197",
+ "vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
diff --git a/CVE-2023/CVE-2023-524xx/CVE-2023-52447.json b/CVE-2023/CVE-2023-524xx/CVE-2023-52447.json
index 2df6a8f002f..012eaa01e68 100644
--- a/CVE-2023/CVE-2023-524xx/CVE-2023-52447.json
+++ b/CVE-2023/CVE-2023-524xx/CVE-2023-52447.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-52447",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-02-22T17:15:08.580",
- "lastModified": "2024-02-22T17:15:08.580",
- "vulnStatus": "Received",
+ "lastModified": "2024-02-22T19:07:27.197",
+ "vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
diff --git a/CVE-2023/CVE-2023-524xx/CVE-2023-52448.json b/CVE-2023/CVE-2023-524xx/CVE-2023-52448.json
index 5081fb072d1..a3e1582e8bd 100644
--- a/CVE-2023/CVE-2023-524xx/CVE-2023-52448.json
+++ b/CVE-2023/CVE-2023-524xx/CVE-2023-52448.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-52448",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-02-22T17:15:08.630",
- "lastModified": "2024-02-22T17:15:08.630",
- "vulnStatus": "Received",
+ "lastModified": "2024-02-22T19:07:27.197",
+ "vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
diff --git a/CVE-2023/CVE-2023-524xx/CVE-2023-52449.json b/CVE-2023/CVE-2023-524xx/CVE-2023-52449.json
index cad2b9e1502..4eb9d9655e8 100644
--- a/CVE-2023/CVE-2023-524xx/CVE-2023-52449.json
+++ b/CVE-2023/CVE-2023-524xx/CVE-2023-52449.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-52449",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-02-22T17:15:08.677",
- "lastModified": "2024-02-22T17:15:08.677",
- "vulnStatus": "Received",
+ "lastModified": "2024-02-22T19:07:27.197",
+ "vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
diff --git a/CVE-2023/CVE-2023-524xx/CVE-2023-52450.json b/CVE-2023/CVE-2023-524xx/CVE-2023-52450.json
index 1e870ca617b..890466ebd02 100644
--- a/CVE-2023/CVE-2023-524xx/CVE-2023-52450.json
+++ b/CVE-2023/CVE-2023-524xx/CVE-2023-52450.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-52450",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-02-22T17:15:08.733",
- "lastModified": "2024-02-22T17:15:08.733",
- "vulnStatus": "Received",
+ "lastModified": "2024-02-22T19:07:27.197",
+ "vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
diff --git a/CVE-2023/CVE-2023-524xx/CVE-2023-52451.json b/CVE-2023/CVE-2023-524xx/CVE-2023-52451.json
index c2252437582..d7546819f3f 100644
--- a/CVE-2023/CVE-2023-524xx/CVE-2023-52451.json
+++ b/CVE-2023/CVE-2023-524xx/CVE-2023-52451.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-52451",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-02-22T17:15:08.777",
- "lastModified": "2024-02-22T17:15:08.777",
- "vulnStatus": "Received",
+ "lastModified": "2024-02-22T19:07:27.197",
+ "vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
diff --git a/CVE-2023/CVE-2023-524xx/CVE-2023-52452.json b/CVE-2023/CVE-2023-524xx/CVE-2023-52452.json
index dd7a50d9211..b362b28730e 100644
--- a/CVE-2023/CVE-2023-524xx/CVE-2023-52452.json
+++ b/CVE-2023/CVE-2023-524xx/CVE-2023-52452.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-52452",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-02-22T17:15:08.830",
- "lastModified": "2024-02-22T17:15:08.830",
- "vulnStatus": "Received",
+ "lastModified": "2024-02-22T19:07:27.197",
+ "vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
diff --git a/CVE-2023/CVE-2023-64xx/CVE-2023-6477.json b/CVE-2023/CVE-2023-64xx/CVE-2023-6477.json
index cbde0323ab6..bb3f49253dd 100644
--- a/CVE-2023/CVE-2023-64xx/CVE-2023-6477.json
+++ b/CVE-2023/CVE-2023-64xx/CVE-2023-6477.json
@@ -2,12 +2,16 @@
"id": "CVE-2023-6477",
"sourceIdentifier": "cve@gitlab.com",
"published": "2024-02-22T00:15:51.533",
- "lastModified": "2024-02-22T00:15:51.533",
- "vulnStatus": "Received",
+ "lastModified": "2024-02-22T19:07:27.197",
+ "vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "An issue has been discovered in GitLab EE affecting all versions starting from 16.5 before 16.7.6, all versions starting from 16.8 before 16.8.3, all versions starting from 16.9 before 16.9.1. When a user is assigned a custom role with admin_group_member permission, they may be able to make a group, other members or themselves Owners of that group, which may lead to privilege escalation."
+ },
+ {
+ "lang": "es",
+ "value": "Se descubri\u00f3 un problema en GitLab EE que afecta a todas las versiones desde 16.5 anteriores a 16.7.6, todas las versiones desde 16.8 anteriores a 16.8.3, todas las versiones desde 16.9 anteriores a 16.9.1. Cuando a un usuario se le asigna una funci\u00f3n personalizada con permiso admin_group_member, es posible que pueda convertir un grupo, otros miembros o ellos mismos en propietarios de ese grupo, lo que puede llevar a una escalada de privilegios."
}
],
"metrics": {
diff --git a/CVE-2023/CVE-2023-65xx/CVE-2023-6533.json b/CVE-2023/CVE-2023-65xx/CVE-2023-6533.json
index 44a58e4136c..634d367a0f6 100644
--- a/CVE-2023/CVE-2023-65xx/CVE-2023-6533.json
+++ b/CVE-2023/CVE-2023-65xx/CVE-2023-6533.json
@@ -2,12 +2,16 @@
"id": "CVE-2023-6533",
"sourceIdentifier": "product-security@silabs.com",
"published": "2024-02-21T20:15:46.283",
- "lastModified": "2024-02-21T20:15:46.283",
- "vulnStatus": "Received",
+ "lastModified": "2024-02-22T19:07:27.197",
+ "vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Malformed Device Reset Locally Command Class packets can be sent to the controller, causing the controller to assume the end device has left the network. After this, frames sent by the end device will not be acknowledged by the controller. This vulnerability exists in PC Controller v5.54.0, and earlier.\u00a0"
+ },
+ {
+ "lang": "es",
+ "value": "Se pueden enviar paquetes de clase de comando de reinicio local de dispositivo con formato incorrecto al controlador, lo que hace que el controlador asuma que el dispositivo final ha abandonado la red. Despu\u00e9s de esto, el controlador no reconocer\u00e1 las tramas enviadas por el dispositivo final. Esta vulnerabilidad existe en PC Controller v5.54.0 y versiones anteriores."
}
],
"metrics": {
diff --git a/CVE-2023/CVE-2023-66xx/CVE-2023-6640.json b/CVE-2023/CVE-2023-66xx/CVE-2023-6640.json
index 4c6009349b1..92d23a99bec 100644
--- a/CVE-2023/CVE-2023-66xx/CVE-2023-6640.json
+++ b/CVE-2023/CVE-2023-66xx/CVE-2023-6640.json
@@ -2,12 +2,16 @@
"id": "CVE-2023-6640",
"sourceIdentifier": "product-security@silabs.com",
"published": "2024-02-21T20:15:46.497",
- "lastModified": "2024-02-21T20:15:46.497",
- "vulnStatus": "Received",
+ "lastModified": "2024-02-22T19:07:27.197",
+ "vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Malformed S2 Nonce Get Command Class packets can be sent to crash PC Controller v5.54.0 and earlier.\u00a0"
+ },
+ {
+ "lang": "es",
+ "value": "Se pueden enviar paquetes S2 Nonce Get Command Class con formato incorrecto para bloquear el PC Controller v5.54.0 y versiones anteriores."
}
],
"metrics": {
diff --git a/CVE-2023/CVE-2023-69xx/CVE-2023-6936.json b/CVE-2023/CVE-2023-69xx/CVE-2023-6936.json
index 74eb805f70c..4ed81425b78 100644
--- a/CVE-2023/CVE-2023-69xx/CVE-2023-6936.json
+++ b/CVE-2023/CVE-2023-69xx/CVE-2023-6936.json
@@ -2,12 +2,16 @@
"id": "CVE-2023-6936",
"sourceIdentifier": "facts@wolfssl.com",
"published": "2024-02-20T22:15:08.197",
- "lastModified": "2024-02-20T22:15:08.197",
- "vulnStatus": "Received",
+ "lastModified": "2024-02-22T19:07:37.840",
+ "vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "In wolfSSL prior to 5.6.6, if callback functions are enabled (via the WOLFSSL_CALLBACKS flag), then a malicious TLS client or network attacker can trigger a buffer over-read on the heap of 5 bytes (WOLFSSL_CALLBACKS is only intended for debugging).\n"
+ },
+ {
+ "lang": "es",
+ "value": "En wolfSSL anterior a 5.6.6, si las funciones de devoluci\u00f3n de llamada est\u00e1n habilitadas (a trav\u00e9s del indicador WOLFSSL_CALLBACKS), entonces un cliente TLS malicioso o un atacante de red puede desencadenar una sobrelectura del b\u00fafer en el mont\u00f3n de 5 bytes (WOLFSSL_CALLBACKS solo est\u00e1 destinado a la depuraci\u00f3n)."
}
],
"metrics": {
diff --git a/CVE-2023/CVE-2023-72xx/CVE-2023-7235.json b/CVE-2023/CVE-2023-72xx/CVE-2023-7235.json
index 85088b0d131..471287a87e6 100644
--- a/CVE-2023/CVE-2023-72xx/CVE-2023-7235.json
+++ b/CVE-2023/CVE-2023-72xx/CVE-2023-7235.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-7235",
"sourceIdentifier": "security@openvpn.net",
"published": "2024-02-21T11:15:07.673",
- "lastModified": "2024-02-21T11:15:07.673",
- "vulnStatus": "Received",
+ "lastModified": "2024-02-22T19:07:27.197",
+ "vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
diff --git a/CVE-2024/CVE-2024-02xx/CVE-2024-0220.json b/CVE-2024/CVE-2024-02xx/CVE-2024-0220.json
index 413bbb11a55..cda89564205 100644
--- a/CVE-2024/CVE-2024-02xx/CVE-2024-0220.json
+++ b/CVE-2024/CVE-2024-02xx/CVE-2024-0220.json
@@ -2,8 +2,8 @@
"id": "CVE-2024-0220",
"sourceIdentifier": "cybersecurity@ch.abb.com",
"published": "2024-02-22T11:15:08.840",
- "lastModified": "2024-02-22T11:15:08.840",
- "vulnStatus": "Received",
+ "lastModified": "2024-02-22T19:07:27.197",
+ "vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
diff --git a/CVE-2024/CVE-2024-04xx/CVE-2024-0407.json b/CVE-2024/CVE-2024-04xx/CVE-2024-0407.json
index 17a722b1c82..6afab834753 100644
--- a/CVE-2024/CVE-2024-04xx/CVE-2024-0407.json
+++ b/CVE-2024/CVE-2024-04xx/CVE-2024-0407.json
@@ -2,12 +2,16 @@
"id": "CVE-2024-0407",
"sourceIdentifier": "hp-security-alert@hp.com",
"published": "2024-02-21T01:15:07.753",
- "lastModified": "2024-02-21T01:15:07.753",
- "vulnStatus": "Received",
+ "lastModified": "2024-02-22T19:07:37.840",
+ "vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Certain HP Enterprise LaserJet, and HP LaserJet Managed Printers are potentially vulnerable to information disclosure, when connections made by the device back to services enabled by some solutions may have been trusted without the appropriate CA certificate in the device's certificate store."
+ },
+ {
+ "lang": "es",
+ "value": "Ciertas impresoras HP Enterprise LaserJet y HP LaserJet Managed son potencialmente vulnerables a la divulgaci\u00f3n de informaci\u00f3n, cuando las conexiones realizadas por el dispositivo a los servicios habilitados por algunas soluciones pueden haber sido confiables sin el certificado CA apropiado en el almac\u00e9n de certificados del dispositivo."
}
],
"metrics": {},
diff --git a/CVE-2024/CVE-2024-04xx/CVE-2024-0410.json b/CVE-2024/CVE-2024-04xx/CVE-2024-0410.json
index 1a4020dc544..dbf5a26d880 100644
--- a/CVE-2024/CVE-2024-04xx/CVE-2024-0410.json
+++ b/CVE-2024/CVE-2024-04xx/CVE-2024-0410.json
@@ -2,12 +2,16 @@
"id": "CVE-2024-0410",
"sourceIdentifier": "cve@gitlab.com",
"published": "2024-02-22T00:15:51.723",
- "lastModified": "2024-02-22T00:15:51.723",
- "vulnStatus": "Received",
+ "lastModified": "2024-02-22T19:07:27.197",
+ "vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "An authorization bypass vulnerability was discovered in GitLab affecting versions 15.1 prior to 16.7.6, 16.8 prior to 16.8.3, and 16.9 prior to 16.9.1. A developer could bypass CODEOWNERS approvals by creating a merge conflict."
+ },
+ {
+ "lang": "es",
+ "value": "Se descubri\u00f3 una vulnerabilidad de omisi\u00f3n de autorizaci\u00f3n en GitLab que afecta a las versiones 15.1 anteriores a 16.7.6, 16.8 anteriores a 16.8.3 y 16.9 anteriores a 16.9.1. Un desarrollador podr\u00eda eludir las aprobaciones de CODEOWNERS creando un conflicto de fusi\u00f3n."
}
],
"metrics": {
diff --git a/CVE-2024/CVE-2024-04xx/CVE-2024-0446.json b/CVE-2024/CVE-2024-04xx/CVE-2024-0446.json
index ecb511b5028..916c25c0c94 100644
--- a/CVE-2024/CVE-2024-04xx/CVE-2024-0446.json
+++ b/CVE-2024/CVE-2024-04xx/CVE-2024-0446.json
@@ -2,12 +2,16 @@
"id": "CVE-2024-0446",
"sourceIdentifier": "psirt@autodesk.com",
"published": "2024-02-22T00:15:51.903",
- "lastModified": "2024-02-22T00:15:51.903",
- "vulnStatus": "Received",
+ "lastModified": "2024-02-22T19:07:27.197",
+ "vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A maliciously crafted STP, CATPART or MODEL file when parsed in ASMKERN228A.dll through Autodesk AutoCAD can force an Out-of-Bound Write. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process.\u00a0\n"
+ },
+ {
+ "lang": "es",
+ "value": "Un archivo STP, CATPART o MODEL creado con fines malintencionados cuando se analiza en ASMKERN228A.dll a trav\u00e9s de Autodesk AutoCAD puede forzar una escritura fuera de los l\u00edmites. Un actor malintencionado puede aprovechar esta vulnerabilidad para provocar un bloqueo, escribir datos confidenciales o ejecutar c\u00f3digo arbitrario en el contexto del proceso actual."
}
],
"metrics": {},
diff --git a/CVE-2024/CVE-2024-05xx/CVE-2024-0593.json b/CVE-2024/CVE-2024-05xx/CVE-2024-0593.json
index 9261ee6bf75..a24babd8f36 100644
--- a/CVE-2024/CVE-2024-05xx/CVE-2024-0593.json
+++ b/CVE-2024/CVE-2024-05xx/CVE-2024-0593.json
@@ -2,12 +2,16 @@
"id": "CVE-2024-0593",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-02-21T07:15:52.520",
- "lastModified": "2024-02-21T07:15:52.520",
- "vulnStatus": "Received",
+ "lastModified": "2024-02-22T19:07:27.197",
+ "vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The Simple Job Board plugin for WordPress is vulnerable to unauthorized access of data| due to insufficient authorization checking on the fetch_quick_job() function in all versions up to, and including, 2.10.8. This makes it possible for unauthenticated attackers to fetch arbitrary posts, which can be password protected or private and contain sensitive information."
+ },
+ {
+ "lang": "es",
+ "value": "El complemento Simple Job Board para WordPress es vulnerable al acceso no autorizado a los datos | debido a una verificaci\u00f3n de autorizaci\u00f3n insuficiente en la funci\u00f3n fetch_quick_job() en todas las versiones hasta la 2.10.8 incluida. Esto hace posible que atacantes no autenticados obtengan publicaciones arbitrarias, que pueden estar protegidas con contrase\u00f1a o ser privadas y contener informaci\u00f3n confidencial."
}
],
"metrics": {
diff --git a/CVE-2024/CVE-2024-08xx/CVE-2024-0861.json b/CVE-2024/CVE-2024-08xx/CVE-2024-0861.json
index cdccc82e791..3e8aef0020f 100644
--- a/CVE-2024/CVE-2024-08xx/CVE-2024-0861.json
+++ b/CVE-2024/CVE-2024-08xx/CVE-2024-0861.json
@@ -2,12 +2,16 @@
"id": "CVE-2024-0861",
"sourceIdentifier": "cve@gitlab.com",
"published": "2024-02-22T00:15:51.973",
- "lastModified": "2024-02-22T00:15:51.973",
- "vulnStatus": "Received",
+ "lastModified": "2024-02-22T19:07:27.197",
+ "vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "An issue has been discovered in GitLab EE affecting all versions starting from 16.4 before 16.7.6, all versions starting from 16.8 before 16.8.3, all versions starting from 16.9 before 16.9.1. Users with the `Guest` role can change `Custom dashboard projects` settings contrary to permissions."
+ },
+ {
+ "lang": "es",
+ "value": "Se ha descubierto un problema en GitLab EE que afecta a todas las versiones desde 16.4 anteriores a 16.7.6, todas las versiones desde 16.8 anteriores a 16.8.3, todas las versiones desde 16.9 anteriores a 16.9.1. Los usuarios con el rol \"Invitado\" pueden cambiar la configuraci\u00f3n de \"Proyectos de panel personalizados\" en contra de los permisos."
}
],
"metrics": {
diff --git a/CVE-2024/CVE-2024-09xx/CVE-2024-0903.json b/CVE-2024/CVE-2024-09xx/CVE-2024-0903.json
index 965f1a656e7..3b21dc9f1eb 100644
--- a/CVE-2024/CVE-2024-09xx/CVE-2024-0903.json
+++ b/CVE-2024/CVE-2024-09xx/CVE-2024-0903.json
@@ -2,12 +2,16 @@
"id": "CVE-2024-0903",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-02-22T06:15:57.453",
- "lastModified": "2024-02-22T06:15:57.453",
- "vulnStatus": "Received",
+ "lastModified": "2024-02-22T19:07:27.197",
+ "vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The User Feedback \u2013 Create Interactive Feedback Form, User Surveys, and Polls in Seconds plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'page_submitted' 'link' value in all versions up to, and including, 1.0.13 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in the feedback submission page that will execute when a user clicks the link, while also pressing the command key."
+ },
+ {
+ "lang": "es",
+ "value": "El complemento User Feedback \u2013 Create Interactive Feedback Form, User Surveys, and Polls in Seconds para WordPress es vulnerable a Cross-Site Scripting Almacenado a trav\u00e9s del valor de \"enlace\" 'page_submitted' en todas las versiones hasta la 1.0.13 incluida, debido a una sanitizaci\u00f3n insuficiente de los insumos y escape de los productos. Esto hace posible que atacantes no autenticados inyecten scripts web arbitrarios en la p\u00e1gina de env\u00edo de comentarios que se ejecutar\u00e1n cuando un usuario haga clic en el enlace y al mismo tiempo presione la tecla Comando."
}
],
"metrics": {
diff --git a/CVE-2024/CVE-2024-10xx/CVE-2024-1053.json b/CVE-2024/CVE-2024-10xx/CVE-2024-1053.json
index a9dae01b66b..862e55ac138 100644
--- a/CVE-2024/CVE-2024-10xx/CVE-2024-1053.json
+++ b/CVE-2024/CVE-2024-10xx/CVE-2024-1053.json
@@ -2,12 +2,16 @@
"id": "CVE-2024-1053",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-02-22T06:15:57.703",
- "lastModified": "2024-02-22T06:15:57.703",
- "vulnStatus": "Received",
+ "lastModified": "2024-02-22T19:07:27.197",
+ "vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The Event Tickets and Registration plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'email' action in all versions up to, and including, 5.8.1. This makes it possible for authenticated attackers, with contributor-level access and above, to email the attendees list to themselves."
+ },
+ {
+ "lang": "es",
+ "value": "El complemento Event Tickets and Registration para WordPress es vulnerable al acceso no autorizado a los datos debido a una falta de verificaci\u00f3n de capacidad en la acci\u00f3n 'email' en todas las versiones hasta la 5.8.1 incluida. Esto hace posible que los atacantes autenticados, con acceso de nivel de colaborador y superior, se env\u00eden por correo electr\u00f3nico la lista de asistentes."
}
],
"metrics": {
diff --git a/CVE-2024/CVE-2024-10xx/CVE-2024-1081.json b/CVE-2024/CVE-2024-10xx/CVE-2024-1081.json
index 80a68f3f37c..13df9b96b7e 100644
--- a/CVE-2024/CVE-2024-10xx/CVE-2024-1081.json
+++ b/CVE-2024/CVE-2024-10xx/CVE-2024-1081.json
@@ -2,12 +2,16 @@
"id": "CVE-2024-1081",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-02-21T07:15:53.183",
- "lastModified": "2024-02-21T07:15:53.183",
- "vulnStatus": "Received",
+ "lastModified": "2024-02-22T19:07:27.197",
+ "vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The 3D FlipBook \u2013 PDF Flipbook WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's bookmark feature in all versions up to, and including, 1.15.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
+ },
+ {
+ "lang": "es",
+ "value": "El complemento 3D FlipBook \u2013 PDF Flipbook WordPress para WordPress es vulnerable a Cross-Site Scripting Almacenado a trav\u00e9s de la funci\u00f3n de marcador del complemento en todas las versiones hasta la 1.15.3 incluida, debido a una sanitizaci\u00f3n de entrada y un escape de salida insuficientes. Esto hace posible que atacantes autenticados con permisos de nivel de colaborador y superiores inyecten scripts web arbitrarios en p\u00e1ginas que se ejecutar\u00e1n cada vez que un usuario acceda a una p\u00e1gina inyectada."
}
],
"metrics": {
diff --git a/CVE-2024/CVE-2024-11xx/CVE-2024-1104.json b/CVE-2024/CVE-2024-11xx/CVE-2024-1104.json
index 0a544f56ff8..a7b89ec6826 100644
--- a/CVE-2024/CVE-2024-11xx/CVE-2024-1104.json
+++ b/CVE-2024/CVE-2024-11xx/CVE-2024-1104.json
@@ -2,8 +2,8 @@
"id": "CVE-2024-1104",
"sourceIdentifier": "info@cert.vde.com",
"published": "2024-02-22T12:15:46.033",
- "lastModified": "2024-02-22T12:15:46.033",
- "vulnStatus": "Received",
+ "lastModified": "2024-02-22T19:07:27.197",
+ "vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
diff --git a/CVE-2024/CVE-2024-11xx/CVE-2024-1108.json b/CVE-2024/CVE-2024-11xx/CVE-2024-1108.json
index 82d9e05a147..0e69652a910 100644
--- a/CVE-2024/CVE-2024-11xx/CVE-2024-1108.json
+++ b/CVE-2024/CVE-2024-11xx/CVE-2024-1108.json
@@ -2,12 +2,16 @@
"id": "CVE-2024-1108",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-02-21T03:15:08.567",
- "lastModified": "2024-02-21T03:15:08.567",
- "vulnStatus": "Received",
+ "lastModified": "2024-02-22T19:07:37.840",
+ "vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The Plugin Groups plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the admin_init() function in all versions up to, and including, 2.0.6. This makes it possible for unauthenticated attackers to change the settings of the plugin, which can also cause a denial of service due to a misconfiguration."
+ },
+ {
+ "lang": "es",
+ "value": "El complemento Plugin Groups para WordPress es vulnerable a modificaciones no autorizadas de datos debido a una falta de verificaci\u00f3n de capacidad en la funci\u00f3n admin_init() en todas las versiones hasta la 2.0.6 incluida. Esto hace posible que atacantes no autenticados cambien la configuraci\u00f3n del complemento, lo que tambi\u00e9n puede provocar una denegaci\u00f3n de servicio debido a una mala configuraci\u00f3n."
}
],
"metrics": {
diff --git a/CVE-2024/CVE-2024-12xx/CVE-2024-1212.json b/CVE-2024/CVE-2024-12xx/CVE-2024-1212.json
index feb43a2d0bd..cc4ed52df20 100644
--- a/CVE-2024/CVE-2024-12xx/CVE-2024-1212.json
+++ b/CVE-2024/CVE-2024-12xx/CVE-2024-1212.json
@@ -2,12 +2,16 @@
"id": "CVE-2024-1212",
"sourceIdentifier": "security@progress.com",
"published": "2024-02-21T18:15:50.417",
- "lastModified": "2024-02-21T18:15:50.417",
- "vulnStatus": "Received",
+ "lastModified": "2024-02-22T19:07:27.197",
+ "vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Unauthenticated remote attackers can access the system through the LoadMaster management interface, enabling arbitrary system command execution.\n\n\n"
+ },
+ {
+ "lang": "es",
+ "value": "Los atacantes remotos no autenticados pueden acceder al sistema a trav\u00e9s de la interfaz de administraci\u00f3n de LoadMaster, lo que permite la ejecuci\u00f3n arbitraria de comandos del sistema."
}
],
"metrics": {
diff --git a/CVE-2024/CVE-2024-14xx/CVE-2024-1451.json b/CVE-2024/CVE-2024-14xx/CVE-2024-1451.json
index e53ed16ab9a..9a12c12a882 100644
--- a/CVE-2024/CVE-2024-14xx/CVE-2024-1451.json
+++ b/CVE-2024/CVE-2024-14xx/CVE-2024-1451.json
@@ -2,12 +2,16 @@
"id": "CVE-2024-1451",
"sourceIdentifier": "cve@gitlab.com",
"published": "2024-02-22T00:15:52.153",
- "lastModified": "2024-02-22T00:15:52.153",
- "vulnStatus": "Received",
+ "lastModified": "2024-02-22T19:07:27.197",
+ "vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "An issue has been discovered in GitLab CE/EE affecting all versions starting from 16.9 before 16.9.1. A crafted payload added to the user profile page could lead to a stored XSS on the client side, allowing attackers to perform arbitrary actions on behalf of victims.\""
+ },
+ {
+ "lang": "es",
+ "value": "Se descubri\u00f3 un problema en GitLab CE/EE que afecta a todas las versiones desde la 16.9 hasta la 16.9.1. un payload manipulado y agregado a la p\u00e1gina de perfil del usuario podr\u00eda generar un XSS almacenado en el lado del cliente, lo que permitir\u00eda a los atacantes realizar acciones arbitrarias en nombre de las v\u00edctimas\"."
}
],
"metrics": {
diff --git a/CVE-2024/CVE-2024-14xx/CVE-2024-1474.json b/CVE-2024/CVE-2024-14xx/CVE-2024-1474.json
index 89b3be255a2..fdf80d73676 100644
--- a/CVE-2024/CVE-2024-14xx/CVE-2024-1474.json
+++ b/CVE-2024/CVE-2024-14xx/CVE-2024-1474.json
@@ -2,12 +2,16 @@
"id": "CVE-2024-1474",
"sourceIdentifier": "security@progress.com",
"published": "2024-02-21T16:15:49.520",
- "lastModified": "2024-02-21T16:15:49.520",
- "vulnStatus": "Received",
+ "lastModified": "2024-02-22T19:07:27.197",
+ "vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "In WS_FTP Server versions before 8.8.5, reflected cross-site scripting issues have been identified on various user supplied inputs on the WS_FTP Server administrative interface."
+ },
+ {
+ "lang": "es",
+ "value": "En las versiones del servidor WS_FTP anteriores a la 8.8.5, se identificaron problemas de Cross-Site Scripting Reflejado en varias entradas proporcionadas por el usuario en la interfaz administrativa del servidor WS_FTP."
}
],
"metrics": {
diff --git a/CVE-2024/CVE-2024-15xx/CVE-2024-1501.json b/CVE-2024/CVE-2024-15xx/CVE-2024-1501.json
index 49ec40ef882..8f7221fe970 100644
--- a/CVE-2024/CVE-2024-15xx/CVE-2024-1501.json
+++ b/CVE-2024/CVE-2024-15xx/CVE-2024-1501.json
@@ -2,12 +2,16 @@
"id": "CVE-2024-1501",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-02-21T04:15:07.800",
- "lastModified": "2024-02-21T04:15:07.800",
- "vulnStatus": "Received",
+ "lastModified": "2024-02-22T19:07:37.840",
+ "vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The Database Reset plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.22. This is due to missing or incorrect nonce validation on the install_wpr() function. This makes it possible for unauthenticated attackers to install the WP Reset Plugin via a forged request granted they can trick a site administrator into performing an action such as clicking on a link."
+ },
+ {
+ "lang": "es",
+ "value": "El complemento Database Reset para WordPress es vulnerable a Cross-Site Request Forgery en todas las versiones hasta la 3.22 incluida. Esto se debe a una validaci\u00f3n nonce faltante o incorrecta en la funci\u00f3n install_wpr(). Esto hace posible que atacantes no autenticados instalen el complemento WP Reset a trav\u00e9s de una solicitud falsificada, siempre que puedan enga\u00f1ar al administrador del sitio para que realice una acci\u00f3n como hacer clic en un enlace."
}
],
"metrics": {
diff --git a/CVE-2024/CVE-2024-15xx/CVE-2024-1525.json b/CVE-2024/CVE-2024-15xx/CVE-2024-1525.json
index 51d2d19aaa2..e9e52d0b791 100644
--- a/CVE-2024/CVE-2024-15xx/CVE-2024-1525.json
+++ b/CVE-2024/CVE-2024-15xx/CVE-2024-1525.json
@@ -2,12 +2,16 @@
"id": "CVE-2024-1525",
"sourceIdentifier": "cve@gitlab.com",
"published": "2024-02-22T00:15:52.327",
- "lastModified": "2024-02-22T00:15:52.327",
- "vulnStatus": "Received",
+ "lastModified": "2024-02-22T19:07:27.197",
+ "vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "An issue has been discovered in GitLab CE/EE affecting all versions starting from 16.1 before 16.7.6, all versions starting from 16.8 before 16.8.3, all versions starting from 16.9 before 16.9.1. Under some specialized conditions, an LDAP user may be able to reset their password using their verified secondary email address and sign-in using direct authentication with the reset password, bypassing LDAP."
+ },
+ {
+ "lang": "es",
+ "value": "Se ha descubierto un problema en GitLab CE/EE que afecta a todas las versiones desde 16.1 anteriores a 16.7.6, todas las versiones desde 16.8 anteriores a 16.8.3, todas las versiones desde 16.9 anteriores a 16.9.1. En algunas condiciones especializadas, un usuario de LDAP puede restablecer su contrase\u00f1a utilizando su direcci\u00f3n de correo electr\u00f3nico secundaria verificada e iniciar sesi\u00f3n mediante autenticaci\u00f3n directa con la contrase\u00f1a restablecida, sin pasar por LDAP."
}
],
"metrics": {
diff --git a/CVE-2024/CVE-2024-15xx/CVE-2024-1562.json b/CVE-2024/CVE-2024-15xx/CVE-2024-1562.json
index 50d1bfc68ad..5347a768342 100644
--- a/CVE-2024/CVE-2024-15xx/CVE-2024-1562.json
+++ b/CVE-2024/CVE-2024-15xx/CVE-2024-1562.json
@@ -2,12 +2,16 @@
"id": "CVE-2024-1562",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-02-21T04:15:07.987",
- "lastModified": "2024-02-21T04:15:07.987",
- "vulnStatus": "Received",
+ "lastModified": "2024-02-22T19:07:37.840",
+ "vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The WooCommerce Google Sheet Connector plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the execute_post_data function in all versions up to, and including, 1.3.11. This makes it possible for unauthenticated attackers to update plugin settings."
+ },
+ {
+ "lang": "es",
+ "value": "El complemento WooCommerce Google Sheet Connector para WordPress es vulnerable a modificaciones no autorizadas de datos debido a una falta de verificaci\u00f3n de capacidad en la funci\u00f3n execute_post_data en todas las versiones hasta la 1.3.11 incluida. Esto hace posible que atacantes no autenticados actualicen la configuraci\u00f3n del complemento."
}
],
"metrics": {
diff --git a/CVE-2024/CVE-2024-15xx/CVE-2024-1563.json b/CVE-2024/CVE-2024-15xx/CVE-2024-1563.json
index b5b295a5a19..92a7b26a4b8 100644
--- a/CVE-2024/CVE-2024-15xx/CVE-2024-1563.json
+++ b/CVE-2024/CVE-2024-15xx/CVE-2024-1563.json
@@ -2,8 +2,8 @@
"id": "CVE-2024-1563",
"sourceIdentifier": "security@mozilla.org",
"published": "2024-02-22T15:15:08.480",
- "lastModified": "2024-02-22T15:15:08.480",
- "vulnStatus": "Received",
+ "lastModified": "2024-02-22T19:07:27.197",
+ "vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
diff --git a/CVE-2024/CVE-2024-16xx/CVE-2024-1631.json b/CVE-2024/CVE-2024-16xx/CVE-2024-1631.json
index a01f0e0dbd3..1fde1c591ba 100644
--- a/CVE-2024/CVE-2024-16xx/CVE-2024-1631.json
+++ b/CVE-2024/CVE-2024-16xx/CVE-2024-1631.json
@@ -2,12 +2,16 @@
"id": "CVE-2024-1631",
"sourceIdentifier": "6b35d637-e00f-4228-858c-b20ad6e1d07b",
"published": "2024-02-21T03:15:08.747",
- "lastModified": "2024-02-21T05:15:08.790",
- "vulnStatus": "Received",
+ "lastModified": "2024-02-22T19:07:37.840",
+ "vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Impact: The library offers a function to generate an ed25519 key pair via Ed25519KeyIdentity.generate with an optional param to provide a 32 byte seed value, which will then be used as the secret key. When no seed value is provided, it is expected that the library generates the secret key using secure randomness. However, a recent change broke this guarantee and uses an insecure seed for key pair generation. Since the private key of this identity (535yc-uxytb-gfk7h-tny7p-vjkoe-i4krp-3qmcl-uqfgr-cpgej-yqtjq-rqe) is compromised, one could lose funds associated with the principal on ledgers or lose access to a canister where this principal is the controller. \n"
+ },
+ {
+ "lang": "es",
+ "value": "Impacto: la librer\u00eda ofrece una funci\u00f3n para generar un par de claves ed25519 a trav\u00e9s de Ed25519KeyIdentity.generate con un par\u00e1metro opcional para proporcionar un valor inicial de 32 bytes, que luego se utilizar\u00e1 como clave secreta. Cuando no se proporciona ning\u00fan valor inicial, se espera que la librer\u00eda genere la clave secreta mediante aleatoriedad segura. Sin embargo, un cambio reciente rompi\u00f3 esta garant\u00eda y utiliza una semilla insegura para la generaci\u00f3n del par de claves. Dado que la clave privada de esta identidad (535yc-uxytb-gfk7h-tny7p-vjkoe-i4krp-3qmcl-uqfgr-cpgej-yqtjq-rqe) est\u00e1 comprometida, se podr\u00edan perder fondos asociados con el principal en los libros de contabilidad o perder el acceso a un contenedor donde este principal es el controlador."
}
],
"metrics": {
diff --git a/CVE-2024/CVE-2024-16xx/CVE-2024-1669.json b/CVE-2024/CVE-2024-16xx/CVE-2024-1669.json
index 4f246d0c126..11c93b10d0c 100644
--- a/CVE-2024/CVE-2024-16xx/CVE-2024-1669.json
+++ b/CVE-2024/CVE-2024-16xx/CVE-2024-1669.json
@@ -2,12 +2,16 @@
"id": "CVE-2024-1669",
"sourceIdentifier": "chrome-cve-admin@google.com",
"published": "2024-02-21T04:15:08.150",
- "lastModified": "2024-02-21T04:15:08.150",
- "vulnStatus": "Received",
+ "lastModified": "2024-02-22T19:07:37.840",
+ "vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Out of bounds memory access in Blink in Google Chrome prior to 122.0.6261.57 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)"
+ },
+ {
+ "lang": "es",
+ "value": "El acceso a la memoria fuera de los l\u00edmites en Blink en Google Chrome anterior a 122.0.6261.57 permit\u00eda a un atacante remoto realizar un acceso a la memoria fuera de los l\u00edmites a trav\u00e9s de una p\u00e1gina HTML manipulada. (Severidad de seguridad de Chrome: alta)"
}
],
"metrics": {},
diff --git a/CVE-2024/CVE-2024-16xx/CVE-2024-1670.json b/CVE-2024/CVE-2024-16xx/CVE-2024-1670.json
index 92fd370b492..e548a9dba2a 100644
--- a/CVE-2024/CVE-2024-16xx/CVE-2024-1670.json
+++ b/CVE-2024/CVE-2024-16xx/CVE-2024-1670.json
@@ -2,12 +2,16 @@
"id": "CVE-2024-1670",
"sourceIdentifier": "chrome-cve-admin@google.com",
"published": "2024-02-21T04:15:08.210",
- "lastModified": "2024-02-21T04:15:08.210",
- "vulnStatus": "Received",
+ "lastModified": "2024-02-22T19:07:37.840",
+ "vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Use after free in Mojo in Google Chrome prior to 122.0.6261.57 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)"
+ },
+ {
+ "lang": "es",
+ "value": "Use after free en Mojo en Google Chrome anterior a 122.0.6261.57 permit\u00eda a un atacante remoto explotar potencialmente la corrupci\u00f3n del mont\u00f3n a trav\u00e9s de una p\u00e1gina HTML manipulada. (Severidad de seguridad de Chrome: alta)"
}
],
"metrics": {},
diff --git a/CVE-2024/CVE-2024-16xx/CVE-2024-1671.json b/CVE-2024/CVE-2024-16xx/CVE-2024-1671.json
index 3c8bf1bce0d..acc0f7d624b 100644
--- a/CVE-2024/CVE-2024-16xx/CVE-2024-1671.json
+++ b/CVE-2024/CVE-2024-16xx/CVE-2024-1671.json
@@ -2,12 +2,16 @@
"id": "CVE-2024-1671",
"sourceIdentifier": "chrome-cve-admin@google.com",
"published": "2024-02-21T04:15:08.257",
- "lastModified": "2024-02-21T04:15:08.257",
- "vulnStatus": "Received",
+ "lastModified": "2024-02-22T19:07:37.840",
+ "vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Inappropriate implementation in Site Isolation in Google Chrome prior to 122.0.6261.57 allowed a remote attacker to bypass content security policy via a crafted HTML page. (Chromium security severity: Medium)"
+ },
+ {
+ "lang": "es",
+ "value": "La implementaci\u00f3n inadecuada de Site Isolation en Google Chrome anterior a 122.0.6261.57 permiti\u00f3 a un atacante remoto eludir la pol\u00edtica de seguridad de contenido a trav\u00e9s de una p\u00e1gina HTML manipulada. (Severidad de seguridad de Chromium: media)"
}
],
"metrics": {},
diff --git a/CVE-2024/CVE-2024-16xx/CVE-2024-1672.json b/CVE-2024/CVE-2024-16xx/CVE-2024-1672.json
index 233e3a4f7ec..de775a61b25 100644
--- a/CVE-2024/CVE-2024-16xx/CVE-2024-1672.json
+++ b/CVE-2024/CVE-2024-16xx/CVE-2024-1672.json
@@ -2,12 +2,16 @@
"id": "CVE-2024-1672",
"sourceIdentifier": "chrome-cve-admin@google.com",
"published": "2024-02-21T04:15:08.297",
- "lastModified": "2024-02-21T04:15:08.297",
- "vulnStatus": "Received",
+ "lastModified": "2024-02-22T19:07:37.840",
+ "vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Inappropriate implementation in Content Security Policy in Google Chrome prior to 122.0.6261.57 allowed a remote attacker to bypass content security policy via a crafted HTML page. (Chromium security severity: Medium)"
+ },
+ {
+ "lang": "es",
+ "value": "La implementaci\u00f3n inadecuada de la Pol\u00edtica de seguridad de contenido en Google Chrome anterior a 122.0.6261.57 permiti\u00f3 a un atacante remoto eludir la pol\u00edtica de seguridad de contenido a trav\u00e9s de una p\u00e1gina HTML manipulada. (Severidad de seguridad de Chromium: media)"
}
],
"metrics": {},
diff --git a/CVE-2024/CVE-2024-16xx/CVE-2024-1673.json b/CVE-2024/CVE-2024-16xx/CVE-2024-1673.json
index d7c49e23eec..ce760da731a 100644
--- a/CVE-2024/CVE-2024-16xx/CVE-2024-1673.json
+++ b/CVE-2024/CVE-2024-16xx/CVE-2024-1673.json
@@ -2,12 +2,16 @@
"id": "CVE-2024-1673",
"sourceIdentifier": "chrome-cve-admin@google.com",
"published": "2024-02-21T04:15:08.347",
- "lastModified": "2024-02-21T04:15:08.347",
- "vulnStatus": "Received",
+ "lastModified": "2024-02-22T19:07:37.840",
+ "vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Use after free in Accessibility in Google Chrome prior to 122.0.6261.57 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via specific UI gestures. (Chromium security severity: Medium)"
+ },
+ {
+ "lang": "es",
+ "value": "Use after free en Accesibilidad en Google Chrome anterior a 122.0.6261.57 permit\u00eda a un atacante remoto que hab\u00eda comprometido el proceso de renderizado explotar potencialmente la corrupci\u00f3n del mont\u00f3n a trav\u00e9s de gestos de interfaz de usuario espec\u00edficos. (Severidad de seguridad de Chromium: media)"
}
],
"metrics": {},
diff --git a/CVE-2024/CVE-2024-16xx/CVE-2024-1674.json b/CVE-2024/CVE-2024-16xx/CVE-2024-1674.json
index 37aa6eaa5e4..5503738e6cd 100644
--- a/CVE-2024/CVE-2024-16xx/CVE-2024-1674.json
+++ b/CVE-2024/CVE-2024-16xx/CVE-2024-1674.json
@@ -2,12 +2,16 @@
"id": "CVE-2024-1674",
"sourceIdentifier": "chrome-cve-admin@google.com",
"published": "2024-02-21T04:15:08.430",
- "lastModified": "2024-02-21T04:15:08.430",
- "vulnStatus": "Received",
+ "lastModified": "2024-02-22T19:07:37.840",
+ "vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Inappropriate implementation in Navigation in Google Chrome prior to 122.0.6261.57 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Medium)"
+ },
+ {
+ "lang": "es",
+ "value": "La implementaci\u00f3n inadecuada en Navegaci\u00f3n en Google Chrome anterior a 122.0.6261.57 permiti\u00f3 a un atacante remoto eludir las restricciones de navegaci\u00f3n a trav\u00e9s de una p\u00e1gina HTML manipulada. (Severidad de seguridad de Chromium: media)"
}
],
"metrics": {},
diff --git a/CVE-2024/CVE-2024-16xx/CVE-2024-1675.json b/CVE-2024/CVE-2024-16xx/CVE-2024-1675.json
index 399abea2c3b..7100216d8b4 100644
--- a/CVE-2024/CVE-2024-16xx/CVE-2024-1675.json
+++ b/CVE-2024/CVE-2024-16xx/CVE-2024-1675.json
@@ -2,12 +2,16 @@
"id": "CVE-2024-1675",
"sourceIdentifier": "chrome-cve-admin@google.com",
"published": "2024-02-21T04:15:08.540",
- "lastModified": "2024-02-21T04:15:08.540",
- "vulnStatus": "Received",
+ "lastModified": "2024-02-22T19:07:37.840",
+ "vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Insufficient policy enforcement in Download in Google Chrome prior to 122.0.6261.57 allowed a remote attacker to bypass filesystem restrictions via a crafted HTML page. (Chromium security severity: Medium)"
+ },
+ {
+ "lang": "es",
+ "value": "La aplicaci\u00f3n insuficiente de pol\u00edticas en Descargas en Google Chrome anteriores a 122.0.6261.57 permiti\u00f3 a un atacante remoto eludir las restricciones del sistema de archivos a trav\u00e9s de una p\u00e1gina HTML manipulada. (Severidad de seguridad de Chromium: media)"
}
],
"metrics": {},
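Review bot: In the added "es" value, "en Google Chrome anteriores a 122.0.6261.57" uses the plural "anteriores", where the other Chrome records in this batch use "Google Chrome anterior a 122.0.6261.57". Suggest the singular form so the version constraint reads the same way in every record and simple text matching on it does not miss this entry.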
diff --git a/CVE-2024/CVE-2024-16xx/CVE-2024-1676.json b/CVE-2024/CVE-2024-16xx/CVE-2024-1676.json
index 3ac52021b80..99122dd0db9 100644
--- a/CVE-2024/CVE-2024-16xx/CVE-2024-1676.json
+++ b/CVE-2024/CVE-2024-16xx/CVE-2024-1676.json
@@ -2,12 +2,16 @@
"id": "CVE-2024-1676",
"sourceIdentifier": "chrome-cve-admin@google.com",
"published": "2024-02-21T04:15:08.580",
- "lastModified": "2024-02-21T04:15:08.580",
- "vulnStatus": "Received",
+ "lastModified": "2024-02-22T19:07:37.840",
+ "vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Inappropriate implementation in Navigation in Google Chrome prior to 122.0.6261.57 allowed a remote attacker to spoof security UI via a crafted HTML page. (Chromium security severity: Low)"
+ },
+ {
+ "lang": "es",
+ "value": "La implementaci\u00f3n inadecuada en la navegaci\u00f3n en Google Chrome anterior a 122.0.6261.57 permiti\u00f3 a un atacante remoto falsificar la interfaz de usuario de seguridad a trav\u00e9s de una p\u00e1gina HTML manipulada. (Severidad de seguridad de Chrome: baja)"
}
],
"metrics": {},
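Review bot: The severity tag in the added "es" value reads "Severidad de seguridad de Chrome: baja", while the English text is "Chromium security severity: Low". Suggest "Severidad de seguridad de Chromium: baja", which is the form the CVE-2024-1672 through CVE-2024-1675 translations already use.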
diff --git a/CVE-2024/CVE-2024-17xx/CVE-2024-1700.json b/CVE-2024/CVE-2024-17xx/CVE-2024-1700.json
index 2dea430f32f..25cc887f25a 100644
--- a/CVE-2024/CVE-2024-17xx/CVE-2024-1700.json
+++ b/CVE-2024/CVE-2024-17xx/CVE-2024-1700.json
@@ -2,12 +2,16 @@
"id": "CVE-2024-1700",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-02-21T16:15:49.707",
- "lastModified": "2024-02-21T16:15:49.707",
- "vulnStatus": "Received",
+ "lastModified": "2024-02-22T19:07:27.197",
+ "vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as problematic, was found in keerti1924 PHP-MYSQL-User-Login-System 1.0. Affected is an unknown function of the file /signup.php. The manipulation of the argument username with the input leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-254388. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
+ },
+ {
+ "lang": "es",
+ "value": "Una vulnerabilidad fue encontrada en keerti1924 PHP-MYSQL-User-Login-System 1.0 y clasificada como problem\u00e1tica. Una funci\u00f3n desconocida del archivo /signup.php es afectada por esta vulnerabilidad. La manipulaci\u00f3n del argumento nombre de usuario con la entrada conduce a Cross-Site Scripting. Es posible lanzar el ataque de forma remota. El exploit ha sido divulgado al p\u00fablico y puede utilizarse. El identificador de esta vulnerabilidad es VDB-254388. NOTA: Se contact\u00f3 primeramente con el proveedor sobre esta divulgaci\u00f3n, pero no respondi\u00f3 de ninguna manera."
}
],
"metrics": {
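Review bot: The added "es" value translates the parameter name itself: "argument username" becomes "argumento nombre de usuario", so the literal identifier a reader would look for in /signup.php is lost. Suggest keeping it verbatim ("del argumento username"). Also, "con la entrada conduce a" carries over the English "with the input leads to", which as shown names no input value; worth confirming whether the source record has one before the translation is published.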
diff --git a/CVE-2024/CVE-2024-17xx/CVE-2024-1701.json b/CVE-2024/CVE-2024-17xx/CVE-2024-1701.json
index 578c1850636..81a28e701e3 100644
--- a/CVE-2024/CVE-2024-17xx/CVE-2024-1701.json
+++ b/CVE-2024/CVE-2024-17xx/CVE-2024-1701.json
@@ -2,12 +2,16 @@
"id": "CVE-2024-1701",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-02-21T16:15:50.013",
- "lastModified": "2024-02-21T16:15:50.013",
- "vulnStatus": "Received",
+ "lastModified": "2024-02-22T19:07:27.197",
+ "vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been found in keerti1924 PHP-MYSQL-User-Login-System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /edit.php. The manipulation leads to improper access controls. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-254389 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
+ },
+ {
+ "lang": "es",
+ "value": "Una vulnerabilidad ha sido encontrada en keerti1924 PHP-MYSQL-User-Login-System 1.0 y clasificada como cr\u00edtica. Una funci\u00f3n desconocida del archivo /edit.php es afectada por esta vulnerabilidad. La manipulaci\u00f3n conduce a controles de acceso inadecuados. El ataque se puede lanzar de forma remota. El exploit ha sido divulgado al p\u00fablico y puede utilizarse. A esta vulnerabilidad se le asign\u00f3 el identificador VDB-254389. NOTA: Se contact\u00f3 primeramente con el proveedor sobre esta divulgaci\u00f3n, pero no respondi\u00f3 de ninguna manera."
}
],
"metrics": {
diff --git a/CVE-2024/CVE-2024-17xx/CVE-2024-1702.json b/CVE-2024/CVE-2024-17xx/CVE-2024-1702.json
index 4af28023e3f..198c28aa48a 100644
--- a/CVE-2024/CVE-2024-17xx/CVE-2024-1702.json
+++ b/CVE-2024/CVE-2024-17xx/CVE-2024-1702.json
@@ -2,12 +2,16 @@
"id": "CVE-2024-1702",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-02-21T17:15:08.583",
- "lastModified": "2024-02-21T17:15:08.583",
- "vulnStatus": "Received",
+ "lastModified": "2024-02-22T19:07:27.197",
+ "vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in keerti1924 PHP-MYSQL-User-Login-System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /edit.php. The manipulation leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-254390 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
+ },
+ {
+ "lang": "es",
+ "value": "Una vulnerabilidad fue encontrada en keerti1924 PHP-MYSQL-User-Login-System 1.0 y clasificada como cr\u00edtica. Una funci\u00f3n desconocida del archivo /edit.php es afectada por esta vulnerabilidad. La manipulaci\u00f3n conduce a la inyecci\u00f3n de SQL. El ataque puede lanzarse de forma remota. El exploit ha sido divulgado al p\u00fablico y puede utilizarse. VDB-254390 es el identificador asignado a esta vulnerabilidad. NOTA: Se contact\u00f3 primeramente con el proveedor sobre esta divulgaci\u00f3n, pero no respondi\u00f3 de ninguna manera."
}
],
"metrics": {
diff --git a/CVE-2024/CVE-2024-17xx/CVE-2024-1703.json b/CVE-2024/CVE-2024-17xx/CVE-2024-1703.json
index 49571c66e26..0df99319f7d 100644
--- a/CVE-2024/CVE-2024-17xx/CVE-2024-1703.json
+++ b/CVE-2024/CVE-2024-17xx/CVE-2024-1703.json
@@ -2,12 +2,16 @@
"id": "CVE-2024-1703",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-02-21T17:15:08.793",
- "lastModified": "2024-02-21T17:15:08.793",
- "vulnStatus": "Received",
+ "lastModified": "2024-02-22T19:07:27.197",
+ "vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in ZhongBangKeJi CRMEB 5.2.2. It has been classified as problematic. This affects the function openfile of the file /adminapi/system/file/openfile. The manipulation leads to absolute path traversal. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-254391. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
+ },
+ {
+ "lang": "es",
+ "value": "Se encontr\u00f3 una vulnerabilidad en ZhongBangKeJi CRMEB 5.2.2. Ha sido clasificada como problem\u00e1tica. Esto afecta a la funci\u00f3n openfile del archivo /adminapi/system/file/openfile. La manipulaci\u00f3n conduce a un path traversal. El exploit ha sido divulgado al p\u00fablico y puede utilizarse. El identificador asociado de esta vulnerabilidad es VDB-254391. NOTA: Se contact\u00f3 primeramente con el proveedor sobre esta divulgaci\u00f3n, pero no respondi\u00f3 de ninguna manera."
}
],
"metrics": {
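Review bot: The added "es" value renders "absolute path traversal" as plain "path traversal", dropping the qualifier the English description uses for the openfile issue. With it gone, this record reads as the same weakness class as CVE-2024-1704 for the same product, which the English text describes only as "path traversal". Suggest keeping the qualifier, for example "un path traversal absoluto".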
diff --git a/CVE-2024/CVE-2024-17xx/CVE-2024-1704.json b/CVE-2024/CVE-2024-17xx/CVE-2024-1704.json
index 68f8c9645f0..a8844dcf9e8 100644
--- a/CVE-2024/CVE-2024-17xx/CVE-2024-1704.json
+++ b/CVE-2024/CVE-2024-17xx/CVE-2024-1704.json
@@ -2,12 +2,16 @@
"id": "CVE-2024-1704",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-02-21T18:15:50.613",
- "lastModified": "2024-02-21T18:15:50.613",
- "vulnStatus": "Received",
+ "lastModified": "2024-02-22T19:07:27.197",
+ "vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in ZhongBangKeJi CRMEB 5.2.2. It has been declared as critical. This vulnerability affects the function save/delete of the file /adminapi/system/crud. The manipulation leads to path traversal. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-254392. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
+ },
+ {
+ "lang": "es",
+ "value": "Se encontr\u00f3 una vulnerabilidad en ZhongBangKeJi CRMEB 5.2.2. Ha sido declarada cr\u00edtica. Esta vulnerabilidad afecta a la funci\u00f3n guardar/eliminar del archivo /adminapi/system/crud. La manipulaci\u00f3n conduce a path traversal. El exploit ha sido divulgado al p\u00fablico y puede utilizarse. El identificador de esta vulnerabilidad es VDB-254392. NOTA: Se contact\u00f3 primeramente con el proveedor sobre esta divulgaci\u00f3n, pero no respondi\u00f3 de ninguna manera."
}
],
"metrics": {
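Review bot: In the added "es" value, "la función guardar/eliminar" translates the function names that the English description gives as "save/delete", so they no longer match anything under /adminapi/system/crud. The other records in this batch leave identifiers such as openfile and actionCreate untranslated; suggest "la función save/delete" here for the same reason.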
diff --git a/CVE-2024/CVE-2024-17xx/CVE-2024-1705.json b/CVE-2024/CVE-2024-17xx/CVE-2024-1705.json
index 0b30f47e98b..1a122ad91c3 100644
--- a/CVE-2024/CVE-2024-17xx/CVE-2024-1705.json
+++ b/CVE-2024/CVE-2024-17xx/CVE-2024-1705.json
@@ -2,12 +2,16 @@
"id": "CVE-2024-1705",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-02-21T18:15:50.823",
- "lastModified": "2024-02-21T18:15:50.823",
- "vulnStatus": "Received",
+ "lastModified": "2024-02-22T19:07:27.197",
+ "vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in Shopwind up to 4.6. It has been rated as critical. This issue affects the function actionCreate of the file /public/install/controllers/DefaultController.php of the component Installation. The manipulation leads to code injection. The attack may be initiated remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. The identifier VDB-254393 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
+ },
+ {
+ "lang": "es",
+ "value": "Se encontr\u00f3 una vulnerabilidad en Shopwind hasta 4.6. Ha sido calificada como cr\u00edtica. Este problema afecta la funci\u00f3n actionCreate del archivo /public/install/controllers/DefaultController.php del componente Instalaci\u00f3n. La manipulaci\u00f3n conduce a la inyecci\u00f3n de c\u00f3digo. El ataque puede iniciarse de forma remota. La complejidad de un ataque es bastante alta. Se sabe que la explotaci\u00f3n es dif\u00edcil. El exploit ha sido divulgado al p\u00fablico y puede utilizarse. A esta vulnerabilidad se le asign\u00f3 el identificador VDB-254393. NOTA: Se contact\u00f3 primeramente con el proveedor sobre esta divulgaci\u00f3n, pero no respondi\u00f3 de ninguna manera."
}
],
"metrics": {
diff --git a/CVE-2024/CVE-2024-17xx/CVE-2024-1706.json b/CVE-2024/CVE-2024-17xx/CVE-2024-1706.json
index 6d0cb365cc6..76d0ba5bf6f 100644
--- a/CVE-2024/CVE-2024-17xx/CVE-2024-1706.json
+++ b/CVE-2024/CVE-2024-17xx/CVE-2024-1706.json
@@ -2,12 +2,16 @@
"id": "CVE-2024-1706",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-02-21T18:15:51.057",
- "lastModified": "2024-02-21T18:15:51.057",
- "vulnStatus": "Received",
+ "lastModified": "2024-02-22T19:07:27.197",
+ "vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as problematic, has been found in ZKTeco ZKBio Access IVS up to 3.3.2. Affected by this issue is some unknown functionality of the component Department Name Search Bar. The manipulation with the input